Abstract. The call-by-value language RML may be viewed as a canonical restriction
of Standard ML to ground-type references, augmented by a “bad variable” construct
in the sense of Reynolds. We consider the fragment of (finitary) RML terms of order
at most 1 with free variables of order at most 2, and identify two subfragments of
this for which we show observational equivalence to be decidable. The first
subfragment, $\mathrm{RML}^{\text{P-Str}}_{2\vdash 1}$, consists of those terms in which the
P-pointers in the game semantic representation are determined by the underlying
sequence of moves. The second subfragment consists of terms in which the O-pointers
of moves corresponding to free variables in the game semantic representation are
determined by the underlying moves. These results are shown using a reduction to a
form of automata over data words in which the data values have a tree-structure,
reflecting the tree-structure of the threads in the game semantic plays. In addition
we show that observational equivalence is undecidable at every third- or higher-order
type, every second-order type which takes at least two first-order arguments, and
every second-order type (of arity greater than one) that has a first-order argument
which is not the final argument.


1 Introduction 

RML is a call-by-value functional language with state O. It is similar to Reduced ML 
03, the canonical restriction of Standard ML to ground-type references, except that 
it includes a “bad variable” constructor (in the absence of the constructor, the equality 
test is definable). This paper concerns the decidability of observational equivalence of 
finitary RML, RMLf. Our ultimate goal is to classify the decidable fragments of RMLf
completely. In the case of finitary Idealized Algol (IA), the decidability of observational
equivalence depends only on the type-theoretic order [15] of the type sequents. In contrast,
the decidability of RMLf sequents is not so neatly characterised by order (see
Figure 1): there are undecidable sequents of order as low as 2 nm amidst interesting
classes of decidable sequents at each of orders 1 to 4.

Following Ghica and McCusker [6], we use game semantics to decide observational
equivalence of RMLf. Take a sequent $\Gamma \vdash M : \theta$ with
$\Gamma = x_1 : \theta_1, \dots, x_n : \theta_n$. In game semantics CD ESI, the type
sequent is interpreted as a P-strategy $[\![\Gamma \vdash M : \theta]\!]$ for playing
(against O, who takes the environment’s perspective) in the prearena
$[\![\overline{\theta} \vdash \theta]\!]$. A play between P and O is a sequence of moves
in which each non-initial move has a justification pointer to some earlier move - its
justifier. Thanks to the fully abstract game semantics of RML, observational
equivalence is characterised by complete plays, i.e. $\Gamma \vdash M \cong N$ iff the
P-strategies $[\![\Gamma \vdash M]\!]$ and $[\![\Gamma \vdash N]\!]$ contain the same set
of complete plays. Strategies may be viewed as highly constrained processes, and are
amenable to automata-theoretic representations; the chief technical challenge lies in
the encoding of pointers.

In [9] we introduced the O-strict fragment of RMLf, $\mathrm{RML}_{\text{O-Str}}$,
consisting of sequents $x_1 : \theta_1, \dots, x_n : \theta_n \vdash M : \theta$ such that
$\theta$ is short (i.e. order at most 2 and arity at most 1), and every argument type of
every $\theta_i$ is short. Plays over prearenas denoted by O-strict sequents enjoy the
property that the pointers from O-moves are uniquely determined by the underlying move
sequence. The main result in [9] is that the set of complete plays of a
$\mathrm{RML}_{\text{O-Str}}$-sequent is representable as a visibly pushdown automaton
(VPA). A key idea is that it suffices to require each word of the representing VPA
to encode the pointer from only one P-question. The point is that, when the full word
language is analysed, it will be possible to uniquely place all justification pointers.

The simplest type that is not O-strict is $\beta \to \beta \to \beta$ where
$\beta \in \{\text{int}, \text{unit}\}$. Encoding the pointers from O-moves is much harder
because O-moves are controlled by the environment rather than the term. As observational
equivalence is defined by a quantification over all contexts, the strategy for a term
must consider all legal locations of the pointer from an O-move, rather than just a
single location as in the case of a pointer from a P-move. In this paper, we show that
automata over data words can precisely capture strategies over a class of non-O-strict
types.

Contributions. We identify two fragments of RMLf in which we can use deterministic
weak nested data class memory automata 0 (equivalent to the locally prefix-closed
nested data automata in [5]) to represent the set of complete plays of terms in these
fragments. These automata operate over a data set which has a tree structure, and we
use this structured data to encode O-pointers in words.

Both fragments are contained within the fragment $\mathrm{RML}_{2\vdash 1}$, which
consists of terms-in-context $\Gamma \vdash M$ where every type in $\Gamma$ is order at
most 2, and the type of $M$ is order at most 1. The first fragment, the P-Strict
subfragment, consists of those terms in $\mathrm{RML}_{2\vdash 1}$ for which the game
semantic arenas have the property that the P-pointers in plays are uniquely determined
by the underlying sequence of moves. This consists of terms-in-context
$\Gamma \vdash M : \theta$ in which $\theta$ is any first order type, and each type in
$\Gamma$ has arity at most 1 and order at most 2. The second fragment,
$\mathrm{RML}^{\text{res}}_{2\vdash 1}$, consists of terms-in-context
$\Gamma \vdash M : \theta$ in which $\theta$, again, is any first order type, and each type
$\theta' \in \Gamma$ is at most order 2, such that each argument for $\theta'$ has arity at
most 1. Although these two fragments are very similar, they use different encodings of
data values, and we discuss the difficulties in extending these techniques to larger
fragments of RMLf.

Finally we show that observational equivalence is undecidable at every third- or
higher-order type, every second-order type which takes at least two first-order
arguments, and every second-order type (of arity greater than one) that has a
first-order argument which is not the final argument. See Figure 1 for a summary.

Fig. 1: Summary of RML Decidability Results. († marks new results presented here;
$\beta \in \{\text{int}, \text{unit}\}$; we write $\bot$ to mean an undecidability result
holds (or none is known) even if no recursion or loops are present, and the only source
of non-termination is through the constant $\Omega$)

Related Work. A related language with full ground references (i.e. with an int ref ref
type) was studied in na, and observational equivalence was shown to be undecidable
even at types $\vdash \text{unit} \to \text{unit} \to \text{unit}$. In contrast, for RMLf
terms, we show decidability at the same type. The key technical innovation of our work
is the use of automata over infinite alphabets to encode justification pointers.
Automata over infinite alphabets have already featured in papers on game semantics
11161171 but there they were used for a different purpose, namely, to model fresh-name
generation. The nested data class memory automata we use in this paper are an
alternative presentation of locally prefix-closed data automata 0.

2 Preliminaries 

RML We assume base types unit, for commands, int for a finite set of integers, and
an integer variable type, int ref. Types are built from these in the usual way. The order
of a type $\theta \to \theta'$ is given by
$\max(\mathit{order}(\theta) + 1, \mathit{order}(\theta'))$, where base types unit
and int have order 0, and int ref has order 1. The arity of a type $\theta \to \theta'$ is
$\mathit{arity}(\theta') + 1$ where unit and int have arity 0, and int ref has arity 1. A
full syntax and set of typing rules for RML is given in Figure 2. Note that though we
include only the arithmetic operations succ(i) and pred(i), these are sufficient to
define all the usual comparisons and operations. We will write let $x = M$ in $N$ as
syntactic sugar for $(\lambda x.N)M$, and $M; N$ for $(\lambda x.N)M$ where $x$ is a
fresh variable.



































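$$\frac{}{\Gamma \vdash () : \text{unit}} \qquad \frac{i \in \mathbb{N}}{\Gamma \vdash i : \text{int}} \qquad \frac{\Gamma \vdash M : \text{int}}{\Gamma \vdash \text{succ}(M) : \text{int}} \qquad \frac{\Gamma \vdash M : \text{int}}{\Gamma \vdash \text{pred}(M) : \text{int}}$$

$$\frac{\Gamma \vdash M : \text{int} \quad \Gamma \vdash M_0 : \theta \quad \Gamma \vdash M_1 : \theta}{\Gamma \vdash \text{if } M \text{ then } M_1 \text{ else } M_0 : \theta} \qquad \frac{\Gamma \vdash M : \text{int ref}}{\Gamma \vdash\ !M : \text{int}}$$

$$\frac{\Gamma \vdash M : \text{int ref} \quad \Gamma \vdash N : \text{int}}{\Gamma \vdash M := N : \text{unit}} \qquad \frac{\Gamma \vdash M : \text{int}}{\Gamma \vdash \text{ref } M : \text{int ref}} \qquad \frac{}{\Gamma, x : \theta \vdash x : \theta}$$

$$\frac{\Gamma \vdash M : \theta \to \theta' \quad \Gamma \vdash N : \theta}{\Gamma \vdash MN : \theta'} \qquad \frac{\Gamma, x : \theta \vdash M : \theta'}{\Gamma \vdash \lambda x^{\theta}.M : \theta \to \theta'}$$

$$\frac{\Gamma \vdash M : \text{int} \quad \Gamma \vdash N : \text{unit}}{\Gamma \vdash \text{while } M \text{ do } N : \text{unit}} \qquad \frac{\Gamma \vdash M : \text{unit} \to \text{int} \quad \Gamma \vdash N : \text{int} \to \text{unit}}{\Gamma \vdash \text{mkvar}(M, N) : \text{int ref}}$$

Fig. 2: Syntax of RML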

The operational semantics, defined in terms of a big-step relation, are standard tm 
For closed terms $\vdash M$ we write $M \Downarrow$ just if there exist $s, V$ such that
$\emptyset, M \Downarrow s, V$. Two terms $\Gamma \vdash M : \theta$ and
$\Gamma \vdash N : \theta$ are observationally equivalent (or contextually equivalent) if
for all (closing) contexts $C[-]$ such that $\emptyset \vdash C[M], C[N] : \text{unit}$,
$C[M] \Downarrow$ if and only if $C[N] \Downarrow$.

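It can be shown that every RML term is effectively convertible to an equivalent term
in canonical form [8, Prop. 3.3], defined by the following grammar
($\beta \in \{\text{unit}, \text{int}\}$).

$$\begin{aligned}
\mathbb{C} ::=\ & () \mid i \mid x^{\beta} \mid \text{succ}(x^{\beta}) \mid \text{pred}(x^{\beta}) \mid \text{if } x^{\beta} \text{ then } \mathbb{C} \text{ else } \mathbb{C} \mid x^{\text{int ref}} := y^{\text{int}} \mid\ !x^{\text{int ref}} \mid \\
& \lambda x^{\theta}.\mathbb{C} \mid \text{mkvar}(\lambda x^{\text{unit}}.\mathbb{C}, \lambda y^{\text{int}}.\mathbb{C}) \mid \text{let } x = \text{ref } 0 \text{ in } \mathbb{C} \mid \text{while } \mathbb{C} \text{ do } \mathbb{C} \mid \text{let } x^{\beta} = \mathbb{C} \text{ in } \mathbb{C} \mid \\
& \text{let } x = z\,y^{\beta} \text{ in } \mathbb{C} \mid \text{let } x = z\,\text{mkvar}(\lambda u^{\text{unit}}.\mathbb{C}, \lambda v^{\text{int}}.\mathbb{C}) \text{ in } \mathbb{C} \mid \text{let } x = z(\lambda x^{\theta}.\mathbb{C}) \text{ in } \mathbb{C}
\end{aligned}$$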


Game Semantics We use a presentation of call-by-value game semantics in the style 
of Honda and Yoshida o, as opposed to Abramsky and McCusker’s isomorphic model 
[2], as Honda and Yoshida’s more concrete constructions lend themselves more easily
to recognition by automata. We recall the following presentation of the game semantics 
for RML from ED. 

An arena $A$ is a triple $(M_A, \vdash_A, \lambda_A)$ where $M_A$ is a set of moves where
$I_A \subseteq M_A$ consists of initial moves, $\vdash_A \subseteq M_A \times (M_A \setminus I_A)$
is called the justification relation, and $\lambda_A : M_A \to \{O, P\} \times \{Q, A\}$ a
labelling function such that for all $i_A \in I_A$ we have $\lambda_A(i_A) = (P, A)$ and if
$m \vdash_A m'$ then $(\pi_1 \lambda_A)(m) \neq (\pi_1 \lambda_A)(m')$ and
$(\pi_2 \lambda_A)(m') = A \Rightarrow (\pi_2 \lambda_A)(m) = Q$.

The function $\lambda_A$ labels moves as belonging to either Opponent or Proponent and
as being either a Question or an Answer. Note that answers are always justified by
questions, but questions can be justified by either a question or an answer. We will use
arenas to model types. However, the actual games will be played over prearenas, which
are defined in the same way except that initial moves are O-questions.

Three basic arenas are $0$, the empty arena, $1$, the arena containing a single initial
move •, and $\mathbb{Z}$, which has the integers as its set of moves, all of which are
initial P-answers. The constructions on arenas are defined in Figure 3. Here we use
$\overline{I_A}$ as an abbreviation for $M_A \setminus I_A$, and $\overline{\lambda_A}$ for
the O/P-complement of $\lambda_A$. Intuitively $A \otimes B$ is the union of the arenas
$A$ and $B$, but with the initial moves combined pairwise. $A \Rightarrow B$ is slightly
more complex. First we add a new initial move, •. We take the O/P-complement of $A$,
change the initial moves into questions, and set them to now be justified by •.
Finally, we take $B$ and set its initial moves to be justified by $A$’s initial moves.
The final construction, $A \to B$, takes two arenas $A$ and $B$ and produces a prearena,
as shown below. This is essentially the same as $A \Rightarrow B$ without the initial
move •.


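$$M_{A \Rightarrow B} = \{\bullet\} \uplus M_A \uplus M_B \qquad I_{A \Rightarrow B} = \{\bullet\}$$

$$\lambda_{A \Rightarrow B}(m) = \begin{cases} PA & \text{if } m = \bullet \\ OQ & \text{if } m \in I_A \\ \overline{\lambda_A}(m) & \text{if } m \in \overline{I_A} \\ \lambda_B(m) & \text{if } m \in M_B \end{cases}$$

$$\vdash_{A \Rightarrow B} = \{(\bullet, i_A) \mid i_A \in I_A\} \cup \{(i_A, i_B) \mid i_A \in I_A, i_B \in I_B\} \cup \vdash_A \cup \vdash_B$$

$$M_{A \to B} = M_A \uplus M_B \qquad I_{A \to B} = I_A$$

$$\lambda_{A \to B}(m) = \begin{cases} OQ & \text{if } m \in I_A \\ \overline{\lambda_A}(m) & \text{if } m \in \overline{I_A} \\ \lambda_B(m) & \text{if } m \in M_B \end{cases}$$

$$\vdash_{A \to B} = \{(i_A, i_B) \mid i_A \in I_A, i_B \in I_B\} \cup \vdash_A \cup \vdash_B$$

$$M_{A \otimes B} = I_A \times I_B \uplus \overline{I_A} \uplus \overline{I_B} \qquad I_{A \otimes B} = I_A \times I_B$$

$$\lambda_{A \otimes B}(m) = \begin{cases} PA & \text{if } m \in I_A \times I_B \\ \lambda_A(m) & \text{if } m \in \overline{I_A} \\ \lambda_B(m) & \text{if } m \in \overline{I_B} \end{cases}$$

$$\vdash_{A \otimes B} = \{((i_A, i_B), m) \mid i_A \in I_A \wedge i_B \in I_B \wedge (i_A \vdash_A m \vee i_B \vdash_B m)\} \cup (\vdash_A \cap (\overline{I_A} \times \overline{I_A})) \cup (\vdash_B \cap (\overline{I_B} \times \overline{I_B}))$$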


Fig. 3: Constructions on Arenas 

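We intend arenas to represent types, in particular $[\![\text{unit}]\!] = 1$,
$[\![\text{int}]\!] = \mathbb{Z}$ (or a finite subset of $\mathbb{Z}$ for RMLf) and
$[\![\theta_1 \to \theta_2]\!] = [\![\theta_1]\!] \Rightarrow [\![\theta_2]\!]$. A term
$x_1 : \theta_1, \dots, x_n : \theta_n \vdash M : \theta$ will be represented by a strategy
for the prearena $[\![\theta_1]\!] \otimes \dots \otimes [\![\theta_n]\!] \to [\![\theta]\!]$.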

A justified sequence in a prearena $A$ is a sequence of moves from $A$ in which the
first move is initial and all other moves $m$ are equipped with a pointer to an earlier
move $m'$, such that $m' \vdash_A m$. A play $s$ is a justified sequence which
additionally satisfies the standard conditions of Alternation, Well-Bracketing, and
Visibility.

A strategy $\sigma$ for prearena $A$ is a non-empty, even-prefix-closed set of plays from
$A$, satisfying the determinism condition: if $s\,m_1, s\,m_2 \in \sigma$ then
$s\,m_1 = s\,m_2$. We can think of a strategy as being a playbook telling P how to respond
by mapping odd-length plays to moves. A play is complete if all questions have been
answered. Note that (unlike in the call-by-name case) a complete play is not necessarily
maximal. We denote the set of complete plays in strategy $\sigma$ by
$\text{comp}(\sigma)$.

In the game model of RML, a term-in-context
$x_1 : \theta_1, \dots, x_n : \theta_n \vdash M : \theta$ is interpreted by a strategy of the
prearena $[\![\theta_1]\!] \otimes \dots \otimes [\![\theta_n]\!] \to [\![\theta]\!]$. These
strategies are defined by recursion over the syntax of the term. Free identifiers
$x : \theta \vdash x : \theta$ are interpreted as copy-cat strategies where P always copies
O’s move into the other copy of $[\![\theta]\!]$, $\lambda x.M$ allows multiple copies of
$[\![M]\!]$ to be run, application $MN$ requires a form of parallel composition plus
hiding and the other constructions can be interpreted using special strategies. The game
semantic model is fully abstract in the following sense.



Theorem 1 (Abramsky and McCusker [1,2]). If $\Gamma \vdash M : \theta$ and
$\Gamma \vdash N : \theta$ are RML type sequents, then $\Gamma \vdash M \cong N$ iff
$\text{comp}([\![\Gamma \vdash M]\!]) = \text{comp}([\![\Gamma \vdash N]\!])$.


Nested Data Class Memory Automata We will be using automata to recognise game
semantic strategies as languages. Equality of strategies can then be reduced to
equivalence of the corresponding automata. However, to represent strategies as languages
we must encode pointers in the words. To do this we use data languages, in which every
position in a word has an associated data value, which is drawn from an infinite set
(which we call the data set). Pointers between positions in a play can thus be encoded
in the word by the relevant positions having suitably related data values. Reflecting the
hierarchical structure of the game semantic prearenas, we use a data set with a
tree-structure.

Recall a tree is a simple directed graph $(D, \mathit{pred})$ where
$\mathit{pred} : D \rightharpoonup D$ is the predecessor map defined on every node of the
tree except the root, such that every node has a unique path to the root. A node $n$ has
level $l$ just if $\mathit{pred}^l(n)$ is the root (thus the root has level 0). A tree is
of level $l$ just if every node in it has level $\leq l$. We define a nested data set of
level $l$ to be a tree of level $l$ such that each data value of level strictly less than
$l$ has infinitely many children. We fix a nested data set of level $l$, $\mathcal{D}$,
and a finite alphabet $\Sigma$, to give a data alphabet
$\mathbb{D} = \Sigma \times \mathcal{D}$.

We will use a form of automaton over these data sets based on class memory automata a.
Class memory automata operate over an unstructured data set, and on reading an input
letter $(a, d)$, the transitions available depend both on the state the automaton is
currently in, and the state the automaton was in after it last read an input letter with
data value $d$. We will be extending a weaker variant of these automata, in which the
only acceptance condition is reaching an accepting state. The variant of class memory
automata we will be using, nested data class memory automata 0, works similarly:
on reading input $(a, d)$ the transitions available depend on the current state of the
automaton, the state the automaton was in when it last read a descendant (under the
$\mathit{pred}$ function) of $d$, and the states the automaton was in when it last read a
descendant of each of $d$’s ancestors. We also add some syntactic sugar (not presented
in [4]) to this formalism, allowing each transition to determine the automaton’s memory
of where it last saw the read data value and each of its ancestors: this does not extend
the power of the automaton, but will make the constructions we make in this paper easier
to define.

Formally, a Weak Nested Data Class Memory Automaton (WNDCMA) of level $l$ is
a tuple $(Q, \Sigma, \Delta, q_0, F)$ where $Q$ is the set of states, $q_0 \in Q$ is the
initial state, $F \subseteq Q$ is the set of accepting states, and the transition function
$\delta = \bigcup_{i=0}^{l} \delta_i$ where each $\delta_i$ is a function:

$$\delta_i : Q \times \Sigma \times (\{i\} \times (Q_\bot)^{i+1}) \to \mathcal{P}(Q \times Q^{i+1})$$

We write $Q_\bot$ for the set $Q \uplus \{\bot\}$, and may refer to the $(Q_\bot)^{i+1}$
part of a transition as its signature. The automaton is deterministic if each set in the
image of $\delta$ is a singleton. A configuration is a pair $(q, f)$ where $q \in Q$, and
$f : \mathcal{D} \to Q_\bot$ is a class memory function (i.e. $f(d) = \bot$ for all but
finitely many $d \in \mathcal{D}$). The initial configuration is $(q_0, f_0)$ where $f_0$
is the class memory function mapping every data value to $\bot$. The automaton can
transition from configuration $(q, f)$ to configuration $(q', f')$ on reading input
$(a, d)$ just if $d$ is of level $i$,
$(q', (t_0, \dots, t_i)) \in \delta(q, a, (i, f(\mathit{pred}^i(d)), \dots, f(\mathit{pred}(d)), f(d)))$,
and
$f' = f[d \mapsto t_i, \mathit{pred}(d) \mapsto t_{i-1}, \dots, \mathit{pred}^{i-1}(d) \mapsto t_1, \mathit{pred}^i(d) \mapsto t_0]$.
A run is defined in the usual way, and is accepting if the last configuration
$(q_n, f_n)$ in the run is such that $q_n \in F$. We say $w \in L(\mathcal{A})$ if there is
an accepting run of $\mathcal{A}$ on $w$.

Weak nested data class memory automata have a decidable emptiness problem, reducible
to coverability in a well-structured transition system [4,5], and are closed under
union and intersection by the standard automata product constructions. Further,
deterministic WNDCMA are closed under complementation, again by the standard method
of complementing the final states. Hence they have a decidable equivalence problem.

3 P-Strict $\mathrm{RML}_{2\vdash 1}$

In [9], the authors identify a fragment of RML, the O-strict fragment, for which the
plays in the game-semantic strategies representing terms have the property that the
justification pointers of O-moves are uniquely reconstructible from the underlying moves.
Analogously, we define the P-strict fragment of RML to consist of typed terms in
which the pointers for P-moves are uniquely determined by the underlying sequence of
moves. Then our encoding of strategies for this fragment will only need to encode the
O-pointers, for which we will use data values.

3.1 Characterising P-Strict RML 

In working out which type sequents for RML lead to prearenas which are P-strict, it is 
natural to ask for a general characterisation of such prearenas. The following lemma, 
which provides exactly that, is straightforward to prove: 

Lemma 1. A prearena is P-strict iff there is no enabling sequence
$q \vdash \dots \vdash q'$ in which both $q$ and $q'$ are P-questions.

Which type sequents lead to a P-question hereditarily justifying another P-question?
It is clear, from the construction of the prearena from the type sequent, that if a free
variable in the sequent has arity > 1 or order > 2, the resulting prearena will have
such an enabling sequence, and so will not be P-strict. Conversely, if a free variable
is of a type of order at most 2 and arity at most 1, it will not break P-strictness. On
the RHS of the type sequent, things are a little more complex: there will be a “first”
P-question whenever the type has an argument of order > 1. To prevent this P-question
hereditarily justifying another P-question, the argument must be of arity 1 and
order < 2. Hence the P-strict fragment consists of type sequents of the following form:

(/3 —> ■ ■ ■ —> j3) —> p \- ((/3 —> • • • —>■ /?) —>■ /?) —> ■ ■ ■ —> ((/3 

(where $\beta \in \{\text{unit}, \text{int}\}$.)

From results shown here and in [8], we know that observational equivalence of all
type sequents with an order 3 type or order 2 type with order 1 non-final argument
on the RHS is undecidable. Hence the only P-strict types for which observational
equivalence may be decidable are of the form: (/3—or 
$(\beta \to \dots \to \beta) \to \beta \vdash \beta \to \dots \to \beta \to (\beta \to \beta) \to \beta$.
In this section we show that the first of these, which is the intersection of the
P-strict fragment and $\mathrm{RML}_{2\vdash 1}$, does lead to decidability.


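Definition 1. The P-Strict fragment of $\mathrm{RML}_{2\vdash 1}$, which we denote
$\mathrm{RML}^{\text{P-Str}}_{2\vdash 1}$, consists of typed terms of the form
$x_1 : \hat{\Theta}_1, \dots, x_n : \hat{\Theta}_1 \vdash M : \Theta_1$ where the type
classes $\Theta_i$ are as described below:

$$\Theta_0 ::= \text{unit} \mid \text{int} \qquad \Theta_1 ::= \Theta_0 \mid \Theta_0 \to \Theta_1 \mid \text{int ref} \qquad \hat{\Theta}_1 ::= \Theta_0 \mid \Theta_1 \to \Theta_0 \mid \text{int ref}$$

This means we allow types of the form
$(\beta \to \dots \to \beta) \to \beta \vdash \beta \to \beta$ where
$\beta \in \{\text{unit}, \text{int}\}$.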

3.2 Deciding Observational Equivalence of $\mathrm{RML}^{\text{P-Str}}_{2\vdash 1}$

Our aim is to decide observational equivalence by constructing, from a term $M$, an
automaton that recognises a language representing $[\![M]\!]$. As $[\![M]\!]$ is a set of
plays, the language representing $[\![M]\!]$ must encode both the moves and the pointers
in the play. Since answer moves’ pointers are always determined by well-bracketing, we
only represent the pointers of question moves, and we do this with the nested data
values. The idea is simple: if a play $s$ is in $[\![M]\!]$ the language $L([\![M]\!])$
will contain a word, $w$, such that the string projection of $w$ is the underlying
sequence of moves of $s$, and such that:

- The initial move takes the (unique) level-0 data value; and 

- Answer moves take the same data value as that of the question they are answering; 
and 

- Other question moves take a fresh data value whose predecessor is the data value 
taken by the justifying move. 

Of course, the languages recognised by nested data automata are closed under
automorphisms of the data set, so in fact each play $s$ will be represented by an
infinite set of data words, all equivalent to one another by automorphism of the data set.
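
The three rules above, written out as an added Python example (not code from the paper). It encodes two plays over the type $\beta \to \beta \to \beta$ that share the same move sequence but differ in one O-pointer, and compares data words up to automorphism of the data set. Move labels, function names and the representation of a data value as its path from the root are assumptions made here.

```python
"""Encode a justified play as a data word over a nested (tree-shaped) data set.

Added illustration of the encoding rules; all names are chosen for this example.
"""
from typing import Dict, List, Optional, Tuple

Data = Tuple[int, ...]                   # data value = path from the root ()
Move = Tuple[str, str, Optional[int]]    # (label, "Q" or "A", index of justifier)
Word = List[Tuple[str, Data]]


def encode(play: List[Move]) -> Word:
    """Assign a data value to every move so that the word carries the pointers."""
    word: Word = []
    fresh: Dict[Data, int] = {}          # children already handed out per data value
    for pos, (label, kind, just) in enumerate(play):
        if pos == 0:
            if just is not None:
                raise ValueError("the initial move has no justifier")
            d: Data = ()                 # rule 1: the unique level-0 data value
        else:
            if just is None or not 0 <= just < pos:
                raise ValueError("pointer must go to an earlier move")
            parent = word[just][1]
            if kind == "A":
                if play[just][1] != "Q":
                    raise ValueError("answers are justified by questions")
                d = parent               # rule 2: same value as the answered question
            else:
                k = fresh.get(parent, 0)
                fresh[parent] = k + 1
                d = parent + (k,)        # rule 3: fresh child of the justifier's value
        word.append((label, d))
    return word


def canonical(word: Word) -> Word:
    """Rename data values by first occurrence, level by level."""
    rename: Dict[Data, Data] = {(): ()}
    used: Dict[Data, int] = {}

    def canon(d: Data) -> Data:
        if d not in rename:
            parent = canon(d[:-1])
            k = used.get(parent, 0)
            used[parent] = k + 1
            rename[d] = parent + (k,)
        return rename[d]

    return [(a, canon(d)) for a, d in word]


def equivalent(w1: Word, w2: Word) -> bool:
    """True iff the two data words differ only by an automorphism of the data set."""
    return canonical(w1) == canonical(w2)


# Constructed sample plays: O opens two q1-threads, then asks q2 in one of them.
PREFIX: List[Move] = [("q0", "Q", None), ("a0", "A", 0),
                      ("q1", "Q", 1), ("a1", "A", 2),
                      ("q1", "Q", 1), ("a1", "A", 4)]
PLAY_TO_FIRST = PREFIX + [("q2", "Q", 3)]    # q2 justified by the first a1
PLAY_TO_SECOND = PREFIX + [("q2", "Q", 5)]   # q2 justified by the second a1

if __name__ == "__main__":
    print(encode(PLAY_TO_FIRST))
    print(encode(PLAY_TO_SECOND))
    print(equivalent(encode(PLAY_TO_FIRST), encode(PLAY_TO_SECOND)))
```

The two words have the same string projection, and only the nesting of the last data value records which thread O returned to.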

Theorem 2. For every typed term $\Gamma \vdash M : \theta$ in
$\mathrm{RML}^{\text{P-Str}}_{2\vdash 1}$ that is in canonical form we can effectively
construct a deterministic weak nested data class memory automaton, $\mathcal{A}^M$,
recognising the complete plays of $L([\![\Gamma \vdash M]\!])$.

Proof We prove this by induction over the canonical forms. We note that for each
canonical form construction, if the construction is in
$\mathrm{RML}^{\text{P-Str}}_{2\vdash 1}$ then each constituent canonical form must also
be. For convenience of the inductive constructions, we in fact construct automata
$\mathcal{A}^M_\gamma$ recognising $[\![\Gamma \vdash M]\!]$ restricted to the initial move
$\gamma$. Here we sketch two illustrative cases. A full proof is provided in Appendix A.

$\lambda x^\beta.M : \beta \to \theta$. The prearenas for $[\![M]\!]$ and
$[\![\lambda x^\beta.M]\!]$ are shown in Figure 4. Note that in this case we must have
that $\Gamma, x : \beta \vdash M : \theta$, and so the initial moves in $[\![M]\!]$ contain
an $x$-component. We therefore write these initial moves as $(\gamma, i_x)$ where
$\gamma$ is the $\Gamma$-component and $i_x$ is the $x$-component.

P’s strategy $[\![\lambda x^\beta.M]\!]$ is as follows: after an initial move $\gamma$, P
plays the unique $a_0$-move •, and waits for a $q_1$-move. Once O plays a $q_1$-move
$i_x$, P plays as in $[\![\Gamma, x \vdash M]\!]$ when given an initial move
$(\gamma, i_x)$. However, as the $q_1$-moves are not initial, it is possible that O will
play another $q_1$-move, $i'_x$. Each time O does this it opens a new thread which P
plays as per $[\![\Gamma, x \vdash M]\!]$ when given initial move $(\gamma, i'_x)$. Only O
may switch between threads, and this can only happen immediately after P plays an
$a_j$-move (for any $j$).

Fig. 4: Prearenas for $[\![\Gamma, x : \beta \vdash M : \theta]\!]$ and
$[\![\Gamma \vdash \lambda x^\beta.M : \beta \to \theta]\!]$

By our inductive hypothesis, for each initial move $(\gamma, i_x)$ of
$[\![\Gamma, x : \beta \vdash \theta]\!]$ we have an automaton
$\mathcal{A}^M_{\gamma, i_x}$ recognising the complete plays of
$[\![\Gamma, x : \beta \vdash M : \theta]\!]$ starting with the initial move
$(\gamma, i_x)$. We construct the automaton $\mathcal{A}^{\lambda x.M}_\gamma$ by taking a
copy of each $\mathcal{A}^M_{\gamma, i_x}$, and quotienting together the initial states of
these automata to one state, $p$ (which by conditions on the constituent automata we can
assume has no incoming transitions). This state $p$ will hold the unique level-0 data
value for the run, and states and transitions are added to have initial transitions
labelled with $q_0$ and $a_0$, ending in state $p$. The final states will be the new
initial state, the quotient state $p$, and the states which are final in the constituent
automata. The transitions inside the constituent automata fall into two categories:
those labelled with moves corresponding to the RHS of the term in context
$\Gamma \vdash M$, and those labelled with moves corresponding to the LHS. Those
transitions corresponding to moves on the RHS are altered to have their level increased
by 1, with their signature correspondingly altered by requiring a level-0 data value in
state $p$. Those transitions corresponding to moves on the LHS retain the same level,
but have the top value of their data value signature replaced with the state $p$.
Finally, transitions are added between the constituent automata to allow switching
between threads: whenever there is a transition out of a final state in one of the
automata, copies of the transition are added from every final state (though keeping the
data-value signature the same). Note that the final states correspond to precisely the
points in the run where the environment is able to switch threads.

let $x^\beta = M$ in $N$. Here we assume we have automata recognising $[\![M]\!]$ and
$[\![N]\!]$. The strategy $[\![\text{let } x^\beta = M \text{ in } N]\!]$ essentially
consists of a concatenation of $[\![M]\!]$ and $[\![N]\!]$, with the result of playing
$[\![M]\!]$ determining the value of $x$ to use in $[\![N]\!]$. Hence the automata
construction is very similar to the standard finite automata construction for
concatenation of languages, though branching on the different results for $[\![M]\!]$ to
different automata for $[\![N]\!]$.

Corollary 1. Observational equivalence of terms in
$\mathrm{RML}^{\text{P-Str}}_{2\vdash 1}$ is decidable.



4 A Restricted Fragment of $\mathrm{RML}_{2\vdash 1}$


It is important, for the reduction to nested data automata for
$\mathrm{RML}^{\text{P-Str}}_{2\vdash 1}$, that variables cannot be partially evaluated:
in prearenas where variables have only one argument, once a variable is evaluated those
moves cannot be used to justify any future moves. If we could later return to them we
would need to ensure that they were accessed only in ways which did not break
visibility. We now show that this can be done, using a slightly different encoding of
pointers, for a fragment in which variables have unlimited arity, but each argument for
the variable must be evaluated all at once. This means that the variables have their
O-moves uniquely determined by the underlying sequence of moves.

4.1 Fragment definition 

Definition 2. The fragment we consider in this section, which we denote
$\mathrm{RML}^{\text{res}}_{2\vdash 1}$, consists of typed terms of the form
X\ : 0\,... ,x n : 0\ \~ M : 0\ where the type classes
Oi are as described below: 

@o unit | int 0\ ::= 0 O \ 0 O —► 0 O | int ref 

@i ::= @o | @o —> 0i | int ref 

This allows types of the form 

(£->0) b 

j3 —t /? where f} G {unit, int}. 

The shape of the prearenas for this fragment is shown in Figure 5. Note that moves in
section A of the prearena (marked in Figure 5) relate to the type $\Theta_1$ on the RHS
of the typing judgement, and that we need only represent O-pointers for this section,
since the P-moves are all answers so have their pointers uniquely determined by
well-bracketing. Moves in sections B and C of the prearena correspond to the types on
the LHS of the typing judgement. Moves in section B need only have their P-pointers
represented, since the O-moves are all answer moves. Moves in section C have both their
O- and P-pointers represented by the underlying sequence of moves: the P-pointers
because all P-moves in this section are answer moves, the O-pointers by the visibility
condition.


e\ ::= 01 | e\ -> 0^ 



Fig. 5: Shape of arenas in RML

4.2 Deciding Observation Equivalence


Similarly to the P-Strict case, we provide a reduction to weak nested data class memory 
automata that uses data values to encode O-pointers. However, this time we do not 
need to represent any O-pointers on the LHS of the typing judgement, so use data 
values only to represent pointers of the questions on the RHS. We do, though, need 
to represent P-pointers of moves on the LHS. This we do using the same technique 
used for representing P-pointers in 0: in each word in the language we represent only 

° * 

one pointer by using a “tagging” of moves: the string s m s m is used to represent 
the pointer s m s' ml. Because P’s strategy is deterministic, representing one pointer in 
each word is enough to uniquely reconstruct all P-pointers in the plays from the entire 
language. Due to space constraints we do not provide a full explanation of this technique 
in this paper: for a detailed discussion see [8,9]. Hence for a term
$[\![\Gamma \vdash M : \theta]\!]$ the data language we seek to recognise,
$L([\![\Gamma \vdash M]\!])$, represents pointers in the following manner:


- The initial move takes the (unique) level-0 data value; 

- Moves in $[\![\Gamma]\!]$ (i.e. in section B or C of the prearena) take the data value
of the previous move;

- Answer moves in $[\![\theta]\!]$ (i.e. in section A of the prearena) take the data value
of the question they are answering; and

- Non-initial question moves in $[\![\theta]\!]$ (i.e. in section A of the prearena) take a
fresh data value nested under the data value of the justifying answer move.


Theorem 3. For every typed term $\Gamma \vdash M : \theta$ in
$\mathrm{RML}^{\text{res}}_{2\vdash 1}$ that is in canonical form we can effectively
construct a deterministic weak nested data class memory automaton, $\mathcal{A}^M$,
recognising the complete plays of $L([\![\Gamma \vdash M]\!])$.

Proof This proof takes a similar form to that of Theorem 2, by induction over canonical
forms. We here sketch the $\lambda$-abstraction case. A full proof is provided in
Appendix B.

$\lambda x^\beta.M : \beta \to \theta$. This construction is almost identical to that in
the proof of Theorem 2: again the strategy for P is interleavings of P’s strategy for
$M : \theta$. The only difference in the construction is that where in the encoding for
Theorem 2 the moves in each $\mathcal{A}^M_{\gamma, i_x}$ corresponding to the LHS and
RHS of the prearena needed to be treated separately, in this case they can be treated
identically: all being nested under the new level-0 data value. We demonstrate this
construction in Example 1.


Example 1. Figure 6 shows two weak nested data class memory automata. We draw a
transition $p, a, (j, (s_0, \dots, s_j)) \to p', (s'_0, \dots, s'_j) \in \delta$ as an arrow
from state $p$ to $p'$ labelled with
“$a, (s_0, \dots, s_j) \to (s'_0, \dots, s'_j)$”. We omit the
“$\to (s'_0, \dots, s'_j)$” part of the label if $s'_j = p'$ and $s_i = s'_i$ for
all $i \in \{0, 1, \dots, j - 1\}$.

The automaton obtained by the constructions in Theorem 3 for the term-in-context
$[\![\vdash \text{let } c = \text{ref } 0 \text{ in } \lambda y^{\text{unit}}.\text{if } !c = 0 \text{ then } c := 1 \text{ else } \Omega]\!]$
is shown in Figure 6a (to aid readability, we have removed most of the dead and
unreachable states and transitions).

(a) Automaton for
$[\![\vdash \text{let } c = \text{ref } 0 \text{ in } \lambda y^{\text{unit}}.\text{if } !c = 0 \text{ then } c := 1 \text{ else } \Omega]\!]$

(b) Automaton for
$[\![\vdash \lambda x^{\text{unit}}.\text{let } c = \text{ref } 0 \text{ in } \lambda y^{\text{unit}}.\text{if } !c = 0 \text{ then } c := 1 \text{ else } \Omega]\!]$

Fig. 6: Automata recognising strategies

Note that we have the states (5, 0) and (5, 1) - here the second part of the state label
is the value of the variable $c$: the top-level data value will remain in one of these
two states, and by doing so store the value of $c$ at that point in the run. The move
$q_2$ in this example corresponds to the environment providing an argument $y$: note
that in a run of the automaton the first time a $y$ argument is passed, the automaton
proceeds to reach an accepting state, but in doing so sets the top level data value to
the state (5, 1). This means the outgoing transition shown from state 7 cannot fire.

The automaton for
$[\![\vdash \lambda x^{\text{unit}}.\text{let } c = \text{ref } 0 \text{ in } \lambda y^{\text{unit}}.\text{if } !c = 0 \text{ then } c := 1 \text{ else } \Omega]\!]$
is shown in Figure 6b (again, cleaned of dead/unreachable transitions for clarity). Note
that this contains the first automaton as a sub-automaton, though with a new top-level
data value added to the transitions. The $q_1$ move now corresponds to providing a new
argument for $x$, thus starting a thread. Transitions have been added from the accepting
states (5) and (7), allowing a new $x$-thread to be started from either of these
locations. Note that the transition from (7) to (6), which could not fire before, now
can fire because several data values (corresponding to different $x$-threads) can be
generated and left in the state (5, 0).

5 Undecidable Fragments 

In this section we consider which type sequents and forms of recursion are expressive 
enough to prove undecidability. The proofs of the results in this section proceed by identifying 
terms such that the induced complete plays correspond to runs of Turing-complete 
machine models. Full proofs are given in Appendix C. 

On the Right of the Turnstile. In ED it is shown that observational equivalence is 
undecidable for 5th-order terms. The proof takes the strategy that was used to show 
undecidability for 4th-order IA and finds an equivalent call-by-value strategy. It is relatively 
straightforward to adapt the proof to show that observational equivalence is undecidable 
at 3rd-order types, e.g. $((\text{unit} \to \text{unit}) \to \text{unit}) \to \text{unit}$. A further result in [14] showed 
that the problem is undecidable at the type $(\text{unit} \to \text{unit}) \to (\text{unit} \to \text{unit}) \to \text{unit}$. 
Both results easily generalise to show that the problem is undecidable at every 3rd-order 
type and every 2nd-order type which takes at least two 1st-order arguments. We modify 
the second of these proofs to show undecidability at $(\text{unit} \to \text{unit}) \to \text{unit} \to \text{unit}$. 
Our proof of this easily adapts to a proof of the following. 

Theorem 4. Observational equivalence is undecidable at every 2nd-order type (of arity 
at least two) which contains a 1st-order argument that is not the final argument. 

On the Left of the Turnstile. Note that $\vdash M \cong N : \theta$ if, and only if, $f : \theta \to \text{unit} \vdash fM \cong fN : \text{unit}$. 
Thus, for any sequent $\vdash \theta$ at which observational equivalence is 
undecidable, the sequent $\theta \to \text{unit} \vdash \text{unit}$ is also undecidable. So the problem is 
undecidable if, on the left of the turnstile, we have a fourth-order type or a (third-order) type 
which has a second-order argument whose first-order argument is not the last. 

Recursion. In IA, observational equivalence becomes undecidable if we add recursive 
first-order functions ED. The analogous results for RML with recursion also hold: 

Theorem 5. Observational equivalence is undecidable in $\mathrm{RML}_{\text{O-Str}}$ equipped with 
recursive functions $(\text{unit} \to \text{unit}) \to \text{unit}$. 


6 Conclusion 

We have used two related encodings of pointers to data values to decide two related 
fragments of $\mathrm{RML}_{2 \vdash 1}$: RML)' h s | l , in which the free variables were limited to arity 1, 
and RML)'( S I , in which the free variables were unlimited in arity but each argument of 
the free variable was limited to arity 1. It is natural to ask whether we can extend or 
combine these approaches to decide the whole of $\mathrm{RML}_{2 \vdash 1}$. Here we discuss why this 
seems likely to be impossible with the current machinery used. 

In deciding RML^f we used the nested data value tree-structure to mirror the shape 
of the prearenas. These data values can be seen as names for different threads, with the 
sub-thread relation captured by the nested structure. What happens if we attempt to 
use this approach to recognise strategies on types where the free variables have arity 
greater than 1? With free variables having arity 1, whenever they are interrogated by P, 
they are entirely evaluated immediately: they cannot be partially evaluated. With arity 
greater than 1, this partial evaluation can happen: P may provide the first argument at 
some stage, and then at later points evaluate the variable possibly several times with 
different second arguments. P will only do this subject to visibility conditions though: 
if P partially evaluates a variable x while in a thread T, it can only continue that partial 
evaluation of x in T or a sub-thread of T. This leads to problems when our automata 
recognise interleavings of similar threads using the same part of the automaton. If P’s 
strategy for the thread T is the strategy $\llbracket M \rrbracket$ for a term M, and recognised by an 
automaton $A_M$, then $\llbracket \lambda y.M \rrbracket$ will consist of interleavings of $\llbracket M \rrbracket$. The automaton $A_{\lambda y.M}$ 
will use a copy of $A_M$ to simulate an unbounded number of M-threads. If T is one such 
thread, which performs a partial evaluation of x, this partial evaluation will be 
represented by input letters with data values unrelated to the data value of T. If a sibling of 
T, T', does the same, the internal state of the automaton will have no way of telling 
which of these partial evaluations was performed by T and which by T'. Hence it may 
recognise data words which represent plays that break the visibility condition. 

Therefore, to recognise strategies for terms with free variables of arity greater than 
1, the natural approach to take is to have the data value of free-variable moves be related 
to the thread we are in. This is the approach we took in deciding RML^: the free 
variable moves precisely took the data value of the part of the thread they were in. 
Then information about the partial evaluation was stored by the thread’s data value. 
This worked when the arguments to the free variables had arity at most 1: however if 
we allow the arity of this to increase we need to start representing O-pointers in the 
evaluation of these arguments. For this to be done in a way that makes an inductive 
construction work for let x = ($\lambda y.M$) in N, we must use some kind of nesting of data 
values for the different M-threads. The naive approach to take is to allow the M-thread 
data values to be nested under the data value of whatever part of the N-thread they are 
in. However, the M-thread may be started and partially evaluated in one part of the 
N-thread, and then picked up and continued in a descendant part of that N-thread. The 
data values used in continuing the M-thread must therefore be related to the data values 
used to represent the partial evaluation of the M-thread, but also to the part of the 
N-thread the play is currently in. This would break the tree-structure of the data values, 
and so seem to require a richer structure on the data values. 


Further Work. A natural direction for further work, therefore, is to investigate richer 
data structures and automata models over them that may provide a way to decide 
$\mathrm{RML}_{2 \vdash 1}$. 

The automata we used have a non-primitive recursive emptiness problem, and hence 
the resulting algorithms both have non-primitive recursive complexity also. Although 
work in HO shows that this is not the best possible result in the simplest cases, the exact 
complexities of the observational equivalence problems are still unknown. 

To complete the classification of RMLf also requires deciding (or showing undecidable) 
the fragment containing order 2 types (on the RHS) with one order 1 argument, 
which is the last argument. A first step to deciding this would be the fragment labelled 
RMLx in figure Q] Deciding this fragment via automata reductions similar to those in 
this paper would seem to require both data values to represent O-pointers, and some 
kind of visible stack to nest copies of the body of the function, as used in 0. In particular, 
recognising strategies of second-order terms such as $\lambda f.f()$ requires the ability to 
recognise data languages (roughly) of the form $\{d_1 d_2 \ldots d_n d_n \ldots d_2 d_1 \mid n \in \mathbb{N}, \text{ each } d_i \text{ is distinct}\}$. 
A simple pumping argument shows such languages cannot be recognised by 
nested data class memory automata, and so some kind of additional stack would seem 
to be required. 
A Proof of Theorem [2] 


Given a RML^f term-in-context $\Gamma \vdash M$ we construct a Deterministic Weak NDCMA 
$A_{\Gamma \vdash M}$ recognising, as a language, comp($\llbracket \Gamma \vdash M \rrbracket$). By the full abstraction theorem, 
observational equivalence can then be checked by testing the corresponding automata 
for equivalence. 

For notational convenience, in this appendix we write ^ j for the letter (a, d) £ B. 
The shape of the pre-arena for terms $\llbracket \Gamma \vdash M \rrbracket$ in RML^f is shown in figure [7]. 
The moves on the right of the prearena correspond to M, while moves on the left 
correspond to $\Gamma$. 

For type sequents $\Gamma \vdash \theta$ in RML^_ s f, a play p in $\llbracket \Gamma \vdash \theta \rrbracket$ is represented in the data 
language as a word w where the string projection of w is equal to the underlying sequence of 
moves in p. Pointers are only ambiguous for question moves in sections A and C of the 
arena. Pointers for questions are represented in the following manner: 

- The initial question takes a (fresh) level-0 data value. 

- If a is an answer-move in the play, then the corresponding letter in the word will 
be $(a, d)$ where d is the same data value as the answer’s justifier. 

- Question moves in sections A, B, and C of the arena take a fresh data value d, 
such that pred(d) is the data value of the justifying move. 

Fig. 7: Shape of prearenas for RMLi 
Essentially: question moves take a data value whose predecessor is the data value of the 
justifying move, answer moves take the data value of the question they answer. 

We note that this has the following (convenient) consequence: each data class of a 
word in such a language is either empty or of the form (d ) (d ) ■ It cannot be longer 
than this. 
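The pointer encoding described above can be exercised on a small play. The following is an added example, not code from the paper: it encodes justification pointers as tree-structured data values, recovers them from the data word, and checks the data-class bound. The arena q0, a0, q1, a1, q2, a2, the integer data values and all function names are assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample arena (an assumption for this example):
# q0 enables a0, a0 enables q1, q1 enables a1, a1 enables q2, q2 enables a2.
QUESTIONS = {"q0", "q1", "q2"}
ENABLER = {"a0": "q0", "q1": "a0", "a1": "q1", "q2": "a1", "a2": "q2"}

Word = List[Tuple[str, int]]   # data word: (move label, data value)
Tree = List[Optional[int]]     # tree[d] = pred(d); None for level-0 values


@dataclass(frozen=True)
class Move:
    label: str
    justifier: Optional[int]   # index of the justifying move; None if initial


def level(tree: Tree, d: int) -> int:
    """Depth of data value d in the tree (roots are level 0)."""
    depth = 0
    while tree[d] is not None:
        d, depth = tree[d], depth + 1
    return depth


def encode(play: List[Move]) -> Tuple[Word, Tree]:
    """Questions take a fresh value below their justifier's value;
    answers reuse the value of the question they answer."""
    word: Word = []
    tree: Tree = []
    answered = set()
    for i, m in enumerate(play):
        if m.justifier is None:
            if i != 0 or m.label not in QUESTIONS:
                raise ValueError("only the initial question may lack a justifier")
            tree.append(None)
            d = len(tree) - 1
        else:
            if not 0 <= m.justifier < i:
                raise ValueError(f"move {i}: justifier must be an earlier move")
            if play[m.justifier].label != ENABLER.get(m.label):
                raise ValueError(f"move {i}: justifier does not enable {m.label}")
            jd = word[m.justifier][1]
            if m.label in QUESTIONS:
                tree.append(jd)
                d = len(tree) - 1
            else:
                if jd in answered:
                    raise ValueError(f"move {i}: question already answered")
                answered.add(jd)
                d = jd
        word.append((m.label, d))
    return word, tree


def decode(word: Word, tree: Tree) -> List[Optional[int]]:
    """Recover every justification pointer from the data word alone."""
    classes: Dict[int, Dict[str, int]] = defaultdict(dict)  # d -> {label: index}
    pointers: List[Optional[int]] = []
    for i, (label, d) in enumerate(word):
        if label in QUESTIONS:
            if d in classes:
                raise ValueError(f"letter {i}: question must use a fresh data value")
            parent = tree[d]
            pointers.append(None if parent is None
                            else classes[parent][ENABLER[label]])
        else:
            pointers.append(classes[d][ENABLER[label]])
        classes[d][label] = i
    return pointers


def data_classes(word: Word) -> Dict[int, List[str]]:
    """Group the labels of a data word by data value."""
    out: Dict[int, List[str]] = defaultdict(list)
    for label, d in word:
        out[d].append(label)
    return dict(out)


def make_play(labels: List[str], justifiers: List[Optional[int]]) -> List[Move]:
    return [Move(l, j) for l, j in zip(labels, justifiers)]


# Two constructed plays with the same underlying move sequence. Only the
# pointer of the second q2 differs (justified by the second a1, or the first).
LABELS = ["q0", "a0", "q1", "a1", "q1", "a1", "q2", "a2", "q2", "a2"]
PLAY_A = make_play(LABELS, [None, 0, 1, 2, 1, 4, 3, 6, 5, 8])
PLAY_B = make_play(LABELS, [None, 0, 1, 2, 1, 4, 3, 6, 3, 8])
```

The two plays are indistinguishable as plain strings of moves; only the predecessor relation on the data values separates them, which is what lets an automaton over nested data values track the pointers.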

Reduction from RML^f. The reduction is inductive on the construction of the 
canonical form. We make the construction indexed by initial moves, with each 
automaton $A_i$ recognising the appropriate language restricted to the initial move i. The 
construction to combine these into one automaton as per the specification above is a 
straightforward union of the automata and merging of the initial states. 

Our inductive hypothesis is slightly stronger than that the constructed automata 
recognise the appropriate languages. We also require the following conditions on the 
automaton Af l \ 


- Initial states are never revisited (or have data values assigned to them) 

- The automaton is deterministic 

- Each state can only ever “hold” data values of one, fixed, level. 

- There is precisely one transition from the initial state, labelled $i, (0, \bot)$. We will call 
the target state of this transition the “secondary state” of the automaton. Further, this 
is the only transition in the automaton with signature $(0, \bot)$. 

- If q and q' are (non-initial) final states in the automaton, then if there is a transition 
(q, a, £, p, £') then (q', a, £, p, £') is also a transition. 

Notation describing NDCMA. In the following, I represent transitions of NDCMA 
in a couple of ways. The most standard notation I use is to write something of the 

form p q ; q Here we have m £ S, p,q £ Q, and p,q £ [Qi_) k ■ This means 

that (g, g) e S k (p,m, ( k,p )). 

I may write j for the k + 1-vector of elements of Q± obtained by putting s “on 

top” of the fc-vector s. Similarly ^ puts s “below” s. 

Sometimes I omit the final q: in this case it is implicitly assumed to only update the 
currently-read data value, which is updated to q. Formally: this means q = p[q/pk\- 
When I am omitting this final g, it is also possible to draw the automata in a rela¬ 
tively standard manner (e.g. in the first couple of cases below). 

A.1 () : unit 

For [T h () : unit] the complete plays of the strategy are of the form 7 ”* (or the empty 
play). Hence Ai is simply: 



A.2 i : int 

This is also straightforward, identical to the last case but with a differently labelled 
move: 



A.3 $x^{\beta} : \beta$ 

Here we have $\Gamma \vdash x^{\beta}$, so $x : \beta$ is in $\Gamma$. Thus the initial moves have an x-component, so 
an initial move is of the form $(\gamma, j)$ where j is in the x-component. For such an initial 
move, the plays recognised are just { ) (d ) " d £ V is level-0}, and again the 

appropriate automaton is straightforwardly given: 







A.4 succ($x^{\text{int}}$) : int and pred($x^{\text{int}}$) : int 

These are just as in the previous case, but adding or subtracting one to the j (modulo 
the fragment of Z being used). 

A.5 $x^{\text{int ref}} := y^{\text{int}}$ : unit 

Here we have $\Gamma \vdash x^{\text{int ref}} := y^{\text{int}}$, so x : int ref and y : int are in $\Gamma$. Thus the initial 
moves have a y-component, say j. Thus the language recognised by $A_{(\gamma, j)}$ is just: 

{ ) ('° k dr | dis level -0 and pred(d') = d} 

This is recognised by the following automaton: 



A.6 $!x^{\text{int ref}}$ : int 

This is similar to the previous case, except that the value for P to return is given by O’s 
response to $\text{read}_x$. The desired language for $A_\gamma$ is just 

{(d) ( re d? x ) (t ) (d ) I 3 e d is level -° and pred(d') = d} 

This is recognised by a very similar automaton to the previous case, except that from 
state $s_3$ the automaton splits into different states for each possible answer $j_x$. 

A.7 if $x^{\beta}$ then M else N : $\theta$ 

The initial move contains an x-component. If this x-component is 0 then the automaton 
is the same as the automaton for N, otherwise it is the same as the automaton for M. 

A.8 mkvar($\lambda x^{\text{unit}}.M$, $\lambda y^{\text{int}}.N$) : int ref 

This construction is very similar to that provided in the RML^j case, in appendix B.4. 
The only difference is that now the automata for M and N needn’t be level-0, as they 
may make plays in $\Gamma$. These parts of the automata must retain the data-levels used, but 
nested under the initial level-0 data value used: this is a simple construction. 

A.9 while M do N 

The strategy $\llbracket \text{while } M \text{ do } N \rrbracket$ plays as if playing M until the final move would be 
made. If this would be 0, P gives the • answer to the initial move, and stops. Otherwise 
it plays as if playing N, until the final move would be made, when it starts as if 
playing M again. This is easy to construct from the automata for M and N: for a full 
formal description of how, see appendix B.5, which deals with the RML^j case. The 
construction here is very similar: the only difference is that the constituent automata 
may no longer be level-0. This could lead to difficulties if data values spawned in one 
run-through of the loop could be used in a later run-through, but this cannot happen as 
arguments cannot be partially evaluated in this fragment, so cannot be returned to later. 






A.10 let x = ref 0 in M : $\theta$ 

We assume we have a family of automata, Af 1 , recognising the strategy $\llbracket \Gamma, x : \text{int ref} \vdash M : \theta \rrbracket$. 
$\llbracket \Gamma \vdash \text{let } x = \text{ref } 0 \text{ in } M : \theta \rrbracket$ is constructed by restricting behaviour of x to “good 
variable” behaviour (i.e. after a read-move the response is an immediate reply of the last 
integer written to the variable), and then hiding those moves. The automata construction 
is done in these two stages. 

Restriction to good-variable behaviour. The value of the variable will be stored 
in both the current state of the automaton, and by the level-0 data value. The level-0 
data value will be used to ensure that when O switches between threads (see the 
$\lambda$-abstraction construction in section A.11), the correct variable value is retained. By 
keeping the value in the current state, the correct value is retained when moves in $\Gamma$ are 
being made. Assume the finitary fragment we are using is $\{0, 1, \ldots, K\}$. Let Q be the 
non-initial states of A 1 }^. We construct C 7 as follows: 

- The states of the automaton are $\{q_I\} \uplus (Q \times \{0, 1, \ldots, K\})$ 

- The final states are $q_I$ and those which are final in A'' 1 paired with any integer. 

- The initial state is $q_I$ 

- The transitions are given as follows: 

• qj (sm, 0 ) where sm is the secondary state of A^. 


• if q\ is in AA where m is not an x-write move or a 



response to an x-read move, then: 

* if to is a qj move for some j ^ 0, for each ■ ■ ■ Ak £ {0,1 ,..., K }, 

( Sin. in} 



(tfebo) 

venience, if Sk = -L we interpret (s/c, i) as _!_ also). 

* if to is not a qj move, for each i, jo,ji,--., jk £ {0,1,..., K}, we have 

(Sin . in'] 



• For each j, if qi 


w rite x (j),(l, 



* < 12 , 



is in A^ 1 , then we have the 



• For each response to an i-read move, j x , if (j\ 














Note that adding the transitions between accepting states as required by the inductive 
hypothesis will not change the language recognised, since all the outward transitions 
added would be labelled with a qj move, and by construction these moves require a 
level-0 data value to be in the correct place. 

Hiding Ai': t x=ref 0ln M is constructed from C 7 as follows: 

If we are in a configuration (si, /) of C» where we can perform a transition si 
S 2 , t where m x is an x-move then by determinacy of strategies combined with the re¬ 
striction to good variable behaviour, it is the only possible transition from this config¬ 
uration. Thus for every state so of C 7 and every possible “signature” ^, there is a 
unique maximal (and not necessarily finite) sequence of transitions: 



where each to,; is an a:;-move. 

From each C 7 we construct the automaton y4i et x=ref 0 ln M by considering where 
this sequence terminates for each state. Everything is the same as in C 7 except for the 
transition relation, which is altered as follows: 


- If the maximal sequence of x-moves with signature J out of state sq is empty 
then all transitions requiring signature j out of so are unchanged. 

- If the maximal sequence out of sq with signature "j is finite and non-empty and 


ends in state s n and with signature 



, then for every transition s n 


m,( 1, 



» 


s n+1 ,i we add the transition So —> s„+i (note that by determinacy of the strategy 
and restriction to good variable behaviour, this e transition can be compressed out 
without loss of determinacy). 

- All transitions on x-moves are removed 

- Transitions from final states as required by the inductive hypothesis are added. This 
does not affect the language recognised, since the added transitions will require a 
level-0 data value to be “in” the relevant copy of Q o, and there can only be one 
level-0 data value in runs of this automaton. 


Determinacy of the resulting automaton is inherited from determinism of C 1 (and 
thence from A 7 f ). 


A.11 $\lambda x^{\beta}.M : \beta \to \theta$ 

We have $\Gamma, x : \beta \vdash M : \theta$, and therefore assume there is a family of automata Af 1 
recognising $\llbracket M \rrbracket$. The prearenas for $\llbracket \Gamma, x \vdash M \rrbracket$ and $\llbracket \Gamma \vdash \lambda x.M \rrbracket$ are shown in 
figure Q] Note that the initial moves in $\llbracket \Gamma, x \vdash M \rrbracket$ contain an x-component, so may be 
considered pairs $(\gamma, i_x)$, while the initial moves in $\llbracket \Gamma \vdash \lambda x.M \rrbracket$ contain the same 
$\Gamma$-component, but no x-component. The move $q_0$ therefore corresponds to the $\Gamma$-component, 
and the move $q_1$ precisely corresponds to an x-move. 

$\llbracket \Gamma \vdash \lambda x.M \rrbracket$ is as follows: after an initial move $\gamma$, P plays the unique $a_0$-move •, 
and waits for a $q_1$-move. Once O plays a $q_1$-move $i_x$, P plays as in $\llbracket \Gamma, x \vdash M \rrbracket$ when 
given an initial move $(\gamma, i_x)$. However, as the $q_1$-moves are not initial, it is possible that 
O will play another $q_1$-move, $i'_x$. Each time O does this it opens a new thread which P 
plays as per $\llbracket \Gamma, x \vdash M \rrbracket$ when given initial move $(\gamma, i'_x)$. Only O may switch between 
threads, and this can only happen immediately after P plays an $a_j$-move (for any $j$). 
Hence we construct the automaton for $\lambda x.M$ as follows: 


- The set of states is the disjoint union of the set of non-initial states of each A^ i 
plus new states (1), (2), and (3). 

- The initial state is (1) 

- The final states are those that are final in each A 1 ^ i y as well as (1) and (3). 

- The transition relation is as follows: 

• ( 1 ) ^ ( 2 ) 


. (2) a - 0 ’ (0 ’ (2 ^> (3) 


• For each i x , (3) 


„Ai) 


* Si x where Sj x is the secondary state of A^ t 
• If si S 2 , t is a (non-initial) transition in one of the Af 1 , then: 


O+i 


('?) 


) 

-+ s 2 


(?) 


is a transition. 


* if to is a qi or a,; move, si — 

* if to is a move in [E], Si —s 2 , i [(3)/fo] is a transition. 


• If si and sj are both (non-initial) final states and si 

TO, 0,5 


to,o,s; 


» s 2 , t. is a transition 


already given by the above rules, then s'i 
between threads). 


> s 2 , t. (This allows O to switch 


A.12 let $x^{\beta}$ = M in N : $\theta$ 

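Here we have $\Gamma \vdash M : \beta$ and $\Gamma, x : \beta \vdash N : \theta$. The initial moves of $\llbracket \Gamma, x : \beta \vdash N : \theta \rrbracket$ 
contain an x-component, so we index the family of automata recognising $\llbracket \Gamma, x : \beta \vdash N : \theta \rrbracket$ 
as A^j where j is the x-component. The family of automata recognising $\llbracket M \rrbracket$ are 
indexed as A^. 

The strategy $\llbracket \text{let } x^{\beta} = M \text{ in } N \rrbracket$ is essentially a concatenation of the strategies for 
$\llbracket M \rrbracket$ and $\llbracket N \rrbracket$, with the result of the $\llbracket M \rrbracket$ strategy determining the x-component of the 
initial move of $\llbracket N \rrbracket$. The automaton for let $x^{\beta}$ = M in N is constructed as follows: 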

If = ((d) (d) } t ^ len A l ° txP - MlnN = A^j. Otherwise, by determinacy 

of the strategy there cannot be a transition from the secondary state to a final state in 
Aif, and bl' et xP=M ln N is given by: 

- The set of states is the disjoint union of the non-initial states of Af 1 and each 
A^j, plus a new state (1). 



- The initial state is (1). 

- The final states are those which are final in each _4: v •. 

- The transitions are given as follows: 

• ( 1 ) sm where sm is the secondary state of A 

• All transitions in A }l not going to a final state (or from the initial state) are 
preserved 

• If si J '^°’ S3 ' ) > S 2 , t is a transition in A^ with S 2 final (in A^ f ) and sjvj is the 
secondary state of A^ ■: 




* 


m,(0,SN,j) , . . . at 

if snj - > s 4 , t is in Atyj then we have the transition s i 

Si,f. 


m,( 0 ,s 3 ) 


TO, ( 1 ’( S ± ; ’)i - 

* if s nj ---S 4 , t' is in A 1 ^j then we have the transition si- 

All other transition in each „4: v ( are preserved unchanged. 

Transitions from final states as required by the inductive hypothesis are added. 
This does not affect the language recognised, since the added transitions will 
require a level-0 data value to be “in” the relevant copy of _4; v ? , and there can 
only be one level -0 data value in runs of this automaton. 


Determinacy is inherited from A : A and A )' ; 


A.13 let x = $z\,y^{\beta}$ in M : $\theta$ 

As x must be of type /3 for this to be in RML^f, this is essentially the same as the 
previous case. 


A.14 let x = $z(\lambda y.M)$ in N : $\theta$ 

Here we have $\Gamma, y : \beta, z : (\beta \to \theta_1) \to \beta \vdash M : \theta_1$ and $\Gamma, x : \beta, z : (\beta \to \theta_1) \to \beta \vdash N : \theta$. 
As in the previous cases, plays in $\llbracket \text{let } x = z(\lambda y.M) \text{ in } N \rrbracket$ consist of P playing 
$\llbracket z(\lambda y.M) \rrbracket$ until x has been evaluated, and then playing as N with this value of x. The 
prearena for this case is shown in figure [8]. 

Plays in $\llbracket \text{let } x = z(\lambda y.M) \text{ in } N \rrbracket$ start with P playing $q_z$. O can then either play $q'_0$, 
starting a $\llbracket \lambda y.M \rrbracket$-thread, or play $a_z$, giving a value for x in the rest of the play. If O 
chooses the former, that thread is played as $\llbracket \lambda y.M \rrbracket$, with $q'_0$-moves providing a new 
value for y, until O plays an $a_z$ move. Once O does play an $a_z$ move, P plays as $\llbracket N \rrbracket$ 
with the answer O provided as the value for x. 

In this construction a similar construction to that in A.11 will be used, to allow O to 
interleave plays of $\llbracket M \rrbracket$. At any point when O would be able to change threads, it is also 
able to finish evaluating M and give a value for x. Once this happens play continues in 
the corresponding automaton for N. The formal construction of the automaton for 
let x = $z(\lambda y.M)$ in N is as follows: 

- The set of states consists of: 

• Fresh states (1), (2), and (3) 

• A copy of the states of each AA 

• A copy of the states of each A'^. )r 

Fig. 8: Prearena for $\llbracket \Gamma, z : (\beta \to \theta_1) \to \beta \vdash \theta \rrbracket$ 


- The initial state is (1) 

- The final states are those which are final in each A ^ Jr , and (1) 

- The transitions are: 

• ( 1 ) ( 2 ) 


( 2 ) 


Qz 




>(3) 


• For each available a z move labelled j x we have the transition (3) 
Snj where snj is the secondary state of A^ lr 

/( 2 )\ 

l y :(7 ^( 3 ) J ) 

• For each available q' 0 move labelled i y , we have (3) - 


■(SO. 


* Sm where 


Sm is the secondary state of A‘A 


• If Si 




> S 2 , t is a (non-initial) transition in one of the Af, then: 


m,(j +2 


* if to is a qi or a* move in [01], si 


■ 0 ) 


-7 s 2 


/ (2) \ 


is a transition. 


* if to is a move in [J 1 ], si S2; f [( 2 )/to] i s a transition. 

• If <71 nl ’( k ’ s ' ,q2 ’t > j s a transition already defined by one of these, and q\ is either 
(3) or a (non-initial) final state in one of the A^ i , and <73 is a (non-initial) final 

r , am , , , . . m,(k,s)q 2 ,t 

state in one of the Az .-, then we have the transition <73 -7. 

1 Ay ± 

• • m,(k,s ) - . . at - . 

• For each transition snj - > q, t in each where snj is the sec- 

ondary state of A^j x , we have the transition snj rri ^ k,a ^ 2 ^ So }\ q ; 7 



• All other transitions in each A^j x are left unchanged 

• Transitions from final states as required by the inductive hypothesis are added. 
This does not affect the language recognised, since the added transitions will 
require a level-0 data value to be “in” the relevant copy of ^, and there can 
only be one level-0 data value in runs of this automaton. 

Determinism is inherited from the constituent automata. 

A.15 let x = $z\,$mkvar($\lambda u^{\text{unit}}.M_1$, $\lambda v^{\text{int}}.M_2$) in N : $\theta$ 

This is very similar to the previous case: the difference is that the $q'_0$ moves from the 
last case can now be either read or write(j), leading to playing as either $\llbracket M_1 \rrbracket$ or $\llbracket M_2 \rrbracket$ 
respectively. The formal construction is almost identical to that given above. 

B Proof of Theorem [3] 

Given a RML]“ term-in-context $\Gamma \vdash M$ we construct a Deterministic Weak NDCMA 
$A_{\Gamma \vdash M}$ recognising, as a language, comp($\llbracket \Gamma \vdash M \rrbracket$). By the full abstraction theorem, 
observational equivalence can then be checked by testing the corresponding automata 
for equivalence. 

The shape of the pre-arena for terms $\llbracket \Gamma \vdash M \rrbracket$ in RML^ is shown in figure^ The 
moves in section A of the prearena correspond to M, while moves in sections B and C 
correspond to $\Gamma$. 

A play p in [T b a(n)] is represented in the data language as a word w where the 
string projection of w is equal to the underlying sequence of moves in p. Pointers are 
only ambiguous for question moves (as for answers well-bracketing is enough to ensure 
justification is clear). Pointers for questions are represented in the following manner: 

- Initial questions (of which there is precisely one, at the beginning of the play) take 
a fresh level-0 data value. 

- If a is an answer-move in the play, then the corresponding letter in the word will be 
$(a, d)$ where d is the same data value as the answer’s justifier. 

- Question moves in section A of the arena above take a fresh data value, d, such that 
pred(d) = d' where d' is the data value of the justifier. These data values will be 
enough to determine the justifiers. 

- All other moves (i.e. those in sections B and C) take the data value of the most 
recent move in A (or the initial move, if no move in A has yet been made). Moves 
in B will have their pointers represented using the “tagging” of source- and 
target-moves, as used in J3 for $\mathrm{RML}_{\text{O-Str}}$. We will not encode pointers of such moves 
justified by the initial move (i.e. q lr> moves), as they are unambiguously justified. 

Reduction from RML^j. The reduction is inductive on the construction of the 
canonical form. We make the construction indexed by initial moves, with each 
automaton $A_i$ recognising the appropriate language restricted to the initial move i. The 
construction to combine these into one automaton as per the specification above is a 
straightforward union of the automata and merging of the initial states. 

Our inductive hypothesis is slightly stronger than that the constructed automata 
recognise the appropriate languages. We also require the following conditions on the 
automaton Af 1 : 

- Initial states are never revisited (or have data values assigned to them) 

- The automaton is deterministic 

- Each state can only ever “hold” data values of one, fixed, level. 

- There is precisely one transition from the initial state, labelled $i, (0, \bot)$. We will call 
the target state of this transition the “secondary state” of the automaton. Further, this 
is the only transition in the automaton with signature $(0, \bot)$. 

- If q and q' are (non-initial) final states in the automaton, then if there is a transition 
(q, a, £, p, £') then (q', a, £, p, £') is also a transition. 

For the cases () : unit, i : int, $x^{\beta} : \beta$, succ($x^{\text{int}}$) : int, and pred($x^{\text{int}}$) : int, the 
constructions are exactly as in . We deal with the remaining cases here: 


B.1 $x^{\text{int ref}} := y^{\text{int}}$ : unit 

Here we have $\Gamma \vdash x^{\text{int ref}} := y^{\text{int}}$, so x : int ref and y : int are in $\Gamma$. Thus the 
initial moves have a y-component, say j. Thus the language recognised by the automaton is just 

{ Ci) j (° k * ) (j) |d, G X> and d is level-0}. This is recognised by the fol¬ 

lowing automaton: 

(7 ,j)>(0,X) /^\ idx(j'),(0,s 2 ) XX ok x , (0, s 3 ) •, (0,s 4 ) 




S2 



S3 



S4 



B.2 $!x^{\text{int ref}}$ : int 

This is similar to the previous case, only the value to return is given by O’s play in the 
x-section of $\Gamma$. The language recognised by $A_\gamma$ is just: ) (d ) I ^ G 
V and d is level-0}. The automaton is thus similar to that given above, except that from 
state $s_3$ the automaton splits into different states for each possible answer $j_x$. 


B.3 if $x^{\beta}$ then M else N : $\theta$ 

The initial move contains an x-component. If this x-component is 0 then the automaton 
is the same as the automaton for N, otherwise it is the same as the automaton for M. 


B.4 mkvar($\lambda x^{\text{unit}}.M$, $\lambda y^{\text{int}}.N$) : int ref 

Here we have $\Gamma, x : \text{unit} \vdash M : \text{int}$ and $\Gamma, y : \text{int} \vdash N : \text{unit}$, and this “bad-variable” 
construction uses these methods as read- and write-methods respectively. The string 
projection of the language for $\llbracket \text{mkvar}(\lambda x^{\text{unit}}.M, \lambda y^{\text{int}}.N) \rrbracket$ is then 

$$\gamma \cdot \bullet \cdot \Big( \text{read} \cdot L_M + \sum_{j} \text{write}(j) \cdot L^{j}_{N} \Big)^{*}$$ 

Where $L_M$ is the language for $\llbracket M \rrbracket$ without the initial move, and $L^{j}_{N}$ is the language 
$\llbracket N \rrbracket$ when y = j, without the initial move. Note that the representing automata are 
level-0. 

For an initial move $\gamma$, we make the following construction of the automaton for mkvar($\lambda x.M$, $\lambda y.N$): 


- The set of states is the disjoint union of the states of A^ 1 , and each A^ minus 
the initial states, plus additional states (1), (2), and (3). 

- The initial state is the state (1). 

- The final states are those which are final in the constituent automata AA and each 

and (1) and (3). 

- The transition relation is given as follows: 














( 1 ) ( 2 ) 
(2) (3) 


( 3 ) 


read,(1, ^(3)^ 


■> Sm where sm is the secondary state of A^ 


M 


write(j),( 1 


(?) 


( 3 ) 


For all transitions si 


» s jv, j where s nj is the secondary state of A^~ ^ 

->• S 2 in a constituent automaton (not including 




) 

-T S2- 


initial transition), we have the transition si 
From each final state, s, in one of the constituent automata, we add transitions 


read, 




) write(j) 

s m and s — 


•»■(?) 


as before) 


) 

-> Snj (where sm and -S' n.j are 


We note that determinism is inherited from the constituent automata. Further, the only 
transitions from final states we need to add for the inductive hypothesis have already 
been added. 


B.5 while M do N : unit 

The strategy $\llbracket \text{while } M \text{ do } N \rrbracket$ plays as if playing M until the final move would be 
made. If this would be 0, P gives the • answer to the initial move, and stops. Otherwise 
it plays as if playing N, until the final move would be made, when it starts as if playing 
M again. Note that the automata for M and N are both level-0. The automaton for 
while M do N is thus given by: 

- The set of states is given by the disjoint union of the set of states of A^ and A^ , 
without the initial states, plus new states (1) and (2). 

- The initial state is (1). 

- The final states are (1) and (2). 

- The transitions are given as follows: 

• (1) sm where sm is the secondary state of Aif. 



• if s' is a final state of Aif and s — > s' is a transition in AOf , with m / 0 , 
we have the transition s A- sn where sjv is the secondary state of A^. (We 
can compress the silent transition e out, since by determinism of the strategy 
this is the only transition from s in A ^ 1 .) 

• if s' is a final state of A^f and s — —°’ - V s' is a transition in A^f , with m = 0 , 

we have the transition s ( 2 ) 

• if s' is a final state of A^ and s s 1 j s a transition in A^, we have the 

transition s A- sm where sm is the secondary state of A^f . (We can compress 
the silent transition e out, since by determinism of the strategy this is the only 
transition from s in A ^.) 

Determinacy is inherited from the constituent automata, and there are no transitions 
from final states that need be added. 


B.6 let x = ref 0 in M : $\theta$

This is similar to the construction for in appendix [A] but this time the value 

of the variable will be stored just by the level-0 data value. This will correctly capture 
the scope of the variable. 

We assume we have a family of automata, $\mathcal{A}^M_\gamma$, recognising the strategy
$\llbracket \Gamma, x : \text{int ref} \vdash M : \theta \rrbracket$.
$\llbracket \Gamma \vdash \text{let } x = \text{ref } 0 \text{ in } M : \theta \rrbracket$ is constructed by restricting
behaviour of x to “good variable” behaviour (i.e. after a read-move the response is an
immediate reply of the last integer written to the variable), and then hiding those moves.
The automata construction is done in these two stages.

Restriction to good-variable behaviour. Assume the finitary fragment we are
using is $\{0, 1, \ldots, k\}$. By our inductive hypothesis, we know that each state can only
'hold' data values of one level: let $Q_0$ be the set of states of $\mathcal{A}^M_\gamma$ which hold level-0
data values, let $Q_{\ge 1}$ be the set of states of $\mathcal{A}^M_\gamma$ which hold data values of level $\ge 1$, so
the states of $\mathcal{A}^M_\gamma$ are partitioned into $Q_0$, $Q_{\ge 1}$, and the initial state $q_I$. We construct
$\mathcal{C}_\gamma$ as follows:

- The states of the automaton are $\{q_I\} \uplus Q_{\ge 1} \uplus (Q_0 \times \{0, 1, \ldots, k\})$

- The final states are those which are final in $\mathcal{A}^M_\gamma$, and those which are final in $\mathcal{A}^M_\gamma$
paired with any integer.

- The initial state is $q_I$, the initial state in $\mathcal{A}^M_\gamma$.

- The transitions are given as follows: 

• qi q ?’( 0,± :\ (sm, 0 ) where sm is the secondary state of A^. 1 

• If si m ’ ( ' 0 ’ S3 \ S 2 ,t is in AOf, where m is not an x-write move or a re¬ 
sponse to an x-read move, then si, S 2 £ Qo, and we have (si, i) 

(s 2 , i), (t , i) for each i 









• If si --- > S 2 , (|) is in At 1 (where k > 1), where m is not an x- 

write move or a response to an x-read move, then si, S 2 G Q^i, and we have 


si 




) 

-+ s 2 




for each i 


• For each j, if si S2; ^ j s j n Atf, then si, s 2 G Qo, and we have 

write x (j),(0,(s 3 ,i)) , - , . 

(si, t)- > (s 2 , 3 ),{t,J) for each i 


write x (j),{kA j I) 


• For each j, if si 


•<*■(?) 


write x (j) 


Si, s 2 € Q>i, and we have Si 


> s 2 , is in ^4^ (where k > 1), then 

,(fe,( (s f ) )) 


->• s 2 , ^ for each ; 


• For each response to an x-read move, j x , if si : ’ X ^ 0 ’ S3 \ s 2 , t is in AOf , then 


si,s 2 € Qo, and we have (si,j) J . x ’ (0 ' (s3 ’- ;) - ) > ( s 2 ,j),{t,j) 


• For each response to an x-read move, j x , if si 


(?) 


j*,(M p )) 


> 5 2, (0 is in A: 


M 

7 


(where k > 1), then si, s 2 G Q^> i, and we have si 


jx,(k 


At) 


* S 2 


■('¥’) 


Hiding. $\mathcal{A}_\gamma^{\text{let } x = \text{ref } 0 \text{ in } M}$ is constructed from $\mathcal{C}_\gamma$ as follows:

If we are in a configuration (si, /) of C; where we can perform a transition si - ——> 

s 2 , i where rn x is an x-move then by determinacy of strategies combined with the re¬ 
striction to good variable behaviour, it is the only possible transition from this con¬ 
figuration. Further, we note that using only x-transitions cannot lead to a change in 
data-value being read. Thus for every state so of C 1 and every possible “signature” £o, 
there is a unique maximal (and not necessarily finite) sequence of transitions: 


mo,(k,$o) r 

So- > s i,4i 


"U,(fc,fi) r m 2 ,(fc,£ 2) 

- > S 2 , (2 - > ■ ■ ■ 


where each m, is an x-move. 

From each $\mathcal{C}_\gamma$ we construct the automaton $\mathcal{A}_\gamma^{\text{let } x = \text{ref } 0 \text{ in } M}$ by considering where
this sequence terminates for each state. Everything is the same as in $\mathcal{C}_\gamma$ except for the
transition relation, which is altered as follows:

- If the maximal sequence of x-moves with signature £0 out of state so is empty then 
all transitions requiring signature £0 out of Sq are unchanged. 

- If the maximal sequence out of s 0 with signature £0 is finite and non-empty and 

_ yyi, £ n ) _ 

ends in state s„ and with signature £ n , then for every transition s n — > s n+ i, t 

we add the transition so > s n +i, f. 

- All transitions on x-moves are removed 



- Transitions from final states as required by the IH are added. This does not affect
the language recognised, since the added transitions will require a level-0 data value
to be “in” the relevant location, and there can only be one level-0 data value in runs
of this automaton.

Determinacy of the resulting automaton is inherited from determinism of $\mathcal{C}_\gamma$ (and
thence from $\mathcal{A}^M_\gamma$).


B.7 $\lambda x^\beta.M : \theta$


We have $\Gamma, x : \beta \vdash M : \theta'$, and therefore assume there is a family of automata
$\mathcal{A}^M_{\gamma,i_x}$ recognising $\llbracket M \rrbracket$. The prearenas for $\llbracket \Gamma, x \vdash M \rrbracket$ and
$\llbracket \Gamma \vdash \lambda x.M \rrbracket$ are shown in figure 4. Note that the initial moves in
$\llbracket \Gamma, x \vdash M \rrbracket$ contain an x-component, so may be considered pairs $(\gamma, i_x)$, while
the initial moves in $\llbracket \Gamma \vdash \lambda x.M \rrbracket$ contain the same $\Gamma$-component, but no
x-component. The move $q_0$ therefore corresponds to the $\Gamma$-component, and the move
$q_1$ precisely corresponds to an x-move.

$\llbracket \Gamma \vdash \lambda x.M \rrbracket$ is as follows: after an initial move $\gamma$, P plays the unique
$a_0$-move •, and waits for a $q_1$-move. Once O plays a $q_1$-move $i_x$, P plays as in
$\llbracket \Gamma, x \vdash M \rrbracket$ when given an initial move $(\gamma, i_x)$. However, as the $q_1$-moves are not
initial, it is possible that O will play another $q_1$-move, $i'_x$. Each time O does this it
opens a new thread which P plays as per $\llbracket \Gamma, x \vdash M \rrbracket$ when given initial move
$(\gamma, i'_x)$. Only O may switch between threads, and this can only happen immediately
after P plays an $a_i$-move (for any i). Thus we construct $\mathcal{A}_\gamma^{\lambda x.M}$ as follows:


- The set of states is the disjoint union of the set of non-initial states of each
$\mathcal{A}^M_{\gamma,i_x}$ plus new states (1), (2), and (3).

- The initial state is (1).

- The final states are those that are final in each $\mathcal{A}^M_{\gamma,i_x}$, as well as (1) and (3).

- The transition relation is as follows:

• $(1) \xrightarrow{\gamma,(0,\bot)} (2)$

• (2) (3)


For each i x , (3) 




• If Si 


¥ Si x where s^ is the secondary state of A^ ix 

m,(j+ 1 , ^( a ) 


¥ S 2 , t is a (non-initial) transition in one of the Af 1 , then si 


S2 




is a transition. 


• If si and s^ are both (non-initial) final states and si 
already given by the above rules, then s', ———> S 2 , t. 


1 , 0 , 8 ) 


¥ S 2 , t is a transition 


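B.8 let $x^\beta$ = M in N : $\theta$

This is very similar to the equivalent case in appendix A.

The strategy $\llbracket \text{let } x^\beta = M \text{ in } N \rrbracket$ is a concatenation of the strategies for
$\llbracket M \rrbracket$ and $\llbracket N \rrbracket$, with the result of the $\llbracket M \rrbracket$ strategy determining the
x-component of the initial move of $\llbracket N \rrbracket$. We have $\Gamma \vdash M : \beta$ and
$\Gamma, x : \beta \vdash N : \theta$. The initial moves of $\llbracket \Gamma, x : \beta \vdash N : \theta \rrbracket$ contain an
x-component, so we index the family of automata recognising
$\llbracket \Gamma, x : \beta \vdash N : \theta \rrbracket$ as $\mathcal{A}^N_{\gamma,j}$ where j is the x-component. The family of
automata recognising $\llbracket M \rrbracket$ are indexed as $\mathcal{A}^M_\gamma$.
$\mathcal{A}_\gamma^{\text{let } x^\beta = M \text{ in } N}$ is constructed as follows: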

If C{A^) = {(d) (d) 1 t ^ len A}^ tx? ~ MmN = A^. Otherwise, by determinacy 
of the strategy there cannot be a transition from the secondary state to a final state in 
, and _4i ; et xf> = M ln A ' is given by: 

- The set of states is the disjoint union of the non-initial states of $\mathcal{A}^M_\gamma$ and each
$\mathcal{A}^N_{\gamma,j}$ plus a new state (1).

- The initial state is (1).

- The final states are those which are final in each $\mathcal{A}^N_{\gamma,j}$.

- The transitions are given as follows:

• $(1) \xrightarrow{\gamma,(0,\bot)} s_M$ where $s_M$ is the secondary state of $\mathcal{A}^M_\gamma$

• All transitions in $\mathcal{A}^M_\gamma$ not going to a final state (or from the initial state) are
preserved

• If si ——- y S 2 , t is a transition in A!A with S 2 final (in AO?) and snj is the 
secondary state of A™y and snj — N ’ J ) > S4; f' j s j n then we have the 

. . m,(0,«3) 

transition si ->• S 4 , t. 

• All other transitions in each $\mathcal{A}^N_{\gamma,j}$ are preserved unchanged.

• Transitions from final states as required by the inductive hypothesis are added.
This does not affect the language recognised, since the added transitions will
require a level-0 data value to be “in” the relevant copy of $\mathcal{A}^N_{\gamma,j}$ and there can
only be one level-0 data value in runs of this automaton.

Determinacy is inherited from $\mathcal{A}^M_\gamma$ and $\mathcal{A}^N_{\gamma,j}$.

B.9 let x = $z y^\beta$ in M : $\theta$

We assume x is not of type $\beta$, as otherwise this could be handled by the previous
construction.

We have $\Gamma, x : \theta', z : \beta \to \theta', y : \beta \vdash M : \theta$. Plays in
$\llbracket \text{let } x = z y^\beta \text{ in } M \rrbracket$ begin with P copying the y-component of the initial move
into the z-component, and O must respond with the unique answer, $\bullet_z$ (which corresponds
to the initial move of $\llbracket \theta' \rrbracket$). Play then continues as $\llbracket M \rrbracket$ except that all
x-moves are relabelled as z-moves, hereditarily justified by the occurrence of $\bullet_z$ O was
forced to play. The pointers for moves justified by $\bullet_z$ will have to be made explicit as
part of the construction.
$\mathcal{A}_{\gamma,i_y,i_z}^{\text{let } x = z y^\beta \text{ in } M}$ is then constructed as follows:

- The states are two copies of the non-initial states of A^ i , j zi . x (where » x is the 
move * z that O will be forced to play, relabelled as an :/;-move) plus new states ( 1 ), 
(2) and (3). The second copy of AA iz ._ will be used to encode P-pointers, so 

we write state s in the second copy as s. 



- The initial state is (1). 

- The final states are those final in $\mathcal{A}^M_{\gamma,i_y,i_z,\bullet_x}$, and (1).

- The transitions are as follows: 

. (1) (2) 

• (2) (3) where j z is the initial move for y copied into the ^-component. 

• (3) sm and (3) where sm is the secondary state of 

am 

m,(k,s ) - . ••• a M 

• si - > So it is a transition in AZ i , . and to is not an x-move, then 

1 Ai l yi i z, 9 x 

m,(k,s ) - • m,(k,s ) • — • 

we have the transitions s i - > s 2 , t and s 1 -^ 52 , t (where 5 replaces 

_ • 

each element of 5 of s with s ). 

m x ,(k,s) • • • aM 1 • . . . 

• si ->• so, t is a transition in AZ, , . and m x is a non-initial x-move, 

1 i L yi L z , 9 x 

, , , . . m z ,(k,s) - • m z ,(k,s) • % 

then we have the transitions si - > s 2 , t and si->-S 2 , t, where m z 

is the relabelling of m x into the ^-component. 

m x ,(k,s ) • • • aM . . . 

• si - > so, t is a transition in AZ a , . and m is the initial x-move, then 

li L yi L z-, m x 

• 0 o • 

. . m z ,(k,s) - • m z ,(k,s) • - • m z ,(k,s ) • 

we have the transitions si ->• S 2 , t and si- >s 2 , t and si- >S 2 


, t, where m z is the relabelling of m x into the z-component. 

• Transitions from final states as required by the inductive hypothesis are added. 
This does not affect the language recognised, since the added transitions will 
require a level-0 data value to be “in” the relevant location, and there can only 
be one level-0 data value in runs of this automaton. 


Determinism is inherited from the constituent automaton. 


B.10 let x = $z(\lambda y.M)$ in N : $\theta$

Here we have $\Gamma, y : \beta, z : (\beta \to \beta) \to \theta_1 \vdash M : \beta$ and
$\Gamma, x : \theta_1, z : (\beta \to \beta) \to \theta_1 \vdash N : \theta$. The prearena is as follows:

[Figure: prearena diagram, not reproduced here]

Plays in $\llbracket \text{let } x = z(\lambda y.M) \text{ in } N \rrbracket$ start with P playing •. O can then either
play $j_z$, starting an $\llbracket M \rrbracket$-thread, or play $\bullet_z$, the initial x-move. If O chooses the
former, that thread is played to completion, as in $\llbracket M \rrbracket$. Once this is finished (with P
playing $k_z$ as the final move), we return to the situation where O can play either $j_z$ or
$\bullet_z$. Once O does play $\bullet_z$, P plays as $\llbracket N \rrbracket$, except that all x-moves are renamed to
z-moves (justified by $\bullet_z$). Further, whenever P plays in x (which becomes a z-move), O can
again play $j_z$ and start an $\llbracket M \rrbracket$ thread.

The automaton $\mathcal{A}_{\gamma,i_z}^{\text{let } x = z(\lambda y.M) \text{ in } N}$ is constructed as follows:

- The set of states consists of: 

• Fresh states (1), (2), and (3) 

• Two copies of the set of non-initial states of xL v . _ iz , the second marked as s 

• define <S, the set of states from which an [M]-thread can be opened, as 


S = {(3)}l±){r : (r = s or r =s) and t —4 s in m iz with m x a P-x move} 


We then take states (s.t) where s is a state in some At 1 , , and t € S 

' ' ii L y i L z 

- The initial state is (1) 

- The final states are those which are final in A^ tx , (both tagged and untagged), 
and (1) 

- The transitions are: 

(7 >*®)i( 0,-L) 1 


( 1 ) 


4(2) 


. ( 2 ) ^ (3 ) 

• (3) - iS 4 0 ^ 3 ^> Sn anc | (3) - z ’ ( 0 ,{ 3 ) \ sn, where sjv is the secondary state of 
an 

•^7 

• Ir 5i - > S2, t is a transition in Aiy mxtiz and m is not an x-move, then we 

m,(k,s ) - • m,(k,s ) • - 

have the transitions s \ - > s 2, t and s 1- >s 2, t 

m x ,(k,s) . jy . . . 

• It si - > S2, t is a transition in Aiy %x iz and m x is a non-initial x-move, 

>(M) r j • m z ,(k,s) • j 

- > s 2, t and si- >s 2, t, where m z 


then we have the transitions Si 
is the relabelling of rn x into the 2 -component. 


• If Si 


c(k,s 


» S 2 , t is a transition in ^4^. „• and m is the initial x-move, then 

‘ I - 9 X 1*2 


. . m z ,(k,s ) - • m z ,(k,s) • ^ • m z ,(k,s) • 

we have the transitions si - > S 2 , t and si- >S 2 , t and si- >s 2 

, t, where m z is the relabelling of rri x into the 2 -component. 

• If s £ S then for all transitions t s, s we have the transition s 

s), s QMJ , where q M ,j is the secondary state of A^j >iz , and s qM j is the 
same as s but with the last element paired with CjM.-j- Further: 

•_ .M to fi„ol AM 


* If Pi 


-» P 2 ,p’ 2 is in A^j iz where p 2 is not final (in A^ jy iz ), we 


m,{k,s 


^ (pi,s),s 


P 2 


have {pi , s) 



* If Pi 


p‘ 2 .p’ 2 is in Atfj iz where p 2 is final (in A^ y iz ), we have 


• Transitions from final states as required by the IH are added. This does not
affect the language recognised, since the added transitions will require a level-0
data value to be “in” the sub-automaton, and there can only be one level-0
data value in runs of this automaton.

Determinism is inherited from the constituent automata. 


B.11 let x = $z\,\mathsf{mkvar}(\lambda u^{\text{unit}}.M_1, \lambda v^{\text{int}}.M_2)$ in N : $\theta$

This is very similar to the previous case: the difference is that the $j_z$ moves from the
last case can now be either read or write(j), leading to playing as either $\llbracket M_1 \rrbracket$ or
$\llbracket M_2 \rrbracket$ respectively. The formal construction is almost identical to that given above.


C Proofs of Undecidability Results 

C.1 Proof of Theorem 4

Q-Stores Following previous game semantics based undecidability results, we will 
reduce the halting problem for a class of finite state machines equipped with a queue 
to observational equivalence of RML-terms. The universality of such machines goes 
back to Post’s work on simple rewriting systems 820ll2l . In particular, we will utilise 
automata equipped with a Q-store Q3). Q-stores are a generalisation of a queue which 
do not always follow queue behaviour. However, we will be able to detect whether the 
queue discipline has been followed correctly or not. 

Definition 3. A Q-store stores characters from a finite alphabet $\Sigma$. Its content is
defined by a natural number $n$ and a function
$f : \{0, \ldots, n\} \to \Sigma \times \{+,-\} \times \{+,-\}$.
The three fields of $f(i)$ will be referred to as $f(i).\mathrm{SYMBOL}$, $f(i).\mathrm{ACCESSED}$ and
$f(i).\mathrm{MARKED}$ respectively. The first holds the character stored in this element of the
Q-store and the other two are used for bookkeeping.

The empty Q-store is defined by $n = 0$ and $f(0) = (\dagger, +, -)$ where $\dagger$ is a dummy
symbol set as accessed but unmarked.

There are two operations which can be performed on a Q-store.

- ADD $x$ adds $x \in \Sigma$ to the store. The new Q-store
$f' : \{0, \ldots, n+1\} \to \Sigma \times \{+,-\} \times \{+,-\}$ is defined by $f \subseteq f'$,
$f'(n+1) = (x, -, -)$.

- FETCH is the only access method. It can return any previously unaccessed element
in the store $f(i).\mathrm{SYMBOL}$ (i.e. $f(i).\mathrm{ACCESSED} = -$) provided an index $j$ can be
found such that $0 \le j < i \le n$, $f(j).\mathrm{ACCESSED} = +$ and $f(j).\mathrm{MARKED} = -$.
As well as returning the value stored in the $i$th element, the operation sets
$f(i).\mathrm{ACCESSED}$ and $f(j).\mathrm{MARKED}$ to $+$.






We see that a FETCH operation can return any unaccessed element i provided there
is an earlier element j which has already been accessed but has not yet been marked.
The choice of (i, j) is made nondeterministically and different choices can affect the
store in different ways. It is possible that the Q-store might behave as a queue. This will
occur if during a FETCH the choice of i will always be the first unaccessed element
and j to be i - 1. If this happens then the Q-store will have a characteristic pattern:
no unaccessed element occurs between two accessed elements. The only way to have a
Q-store with this pattern is if its behaviour has been that of a queue. In particular, if all
elements of a Q-store have been accessed then its behaviour was that of a queue.

We can now consider finite state machines equipped with Q-stores. 

Definition 4. A Q-machine is a tuple
$A = (Q, \Sigma, q_0, F, \delta^{\mathit{ADD}}, \delta^{\mathit{FETCH}})$ where:

- $Q = Q^A + Q^F + F$ is the finite set of states with $q_0 \in Q$ the initial state.

- $\delta^{\mathit{ADD}} : Q^A \to Q \times \Sigma$ defines transitions out of states in $Q^A$. If the machine is
in state $q_1$ and $\delta^{\mathit{ADD}}(q_1) = (q_2, a)$ then the machine transitions into state $q_2$ and
performs ADD $a$ on the machine's Q-store.

- $\delta^{\mathit{FETCH}} : Q^F \times \Sigma \to Q$ defines the machine's action when in a state from
$Q^F$. When in state $q_1 \in Q^F$ the Q-machine will attempt to perform a FETCH.
If this is successful and returns symbol $a$ then the machine transitions into state
$\delta^{\mathit{FETCH}}(q_1, a)$.


We say that a Q-machine halts if there exists a run (starting in the initial state) 
which ends in a final state (a state in F ) with a Q-store in which all elements have been 
accessed. 

Since Q-machines only halt when every element in the Q-store has been accessed 
(so when the Q-store has acted as a queue) as far as halting is concerned they are the 
same as finite state automata equipped with a queue. Hence, from Post’s work we can 
infer that they have an undecidable halting problem. 
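
The following added example (not code from the paper) models Definitions 3 and 4 and explores every nondeterministic resolution of FETCH, so the claim that a fully accessed Q-store must have behaved as a queue can be checked on small machines. The tuple encoding of a machine, the step bound, and treating a missing $\delta^{\mathit{FETCH}}$ entry as a blocked run are assumptions of this example.

```python
DUMMY = "†"                                  # dummy symbol held by the empty store

def empty_store():
    return ((DUMMY, True, False),)           # cells are (SYMBOL, ACCESSED, MARKED)

def add(store, x):
    return store + ((x, False, False),)      # ADD x: new cell, unaccessed and unmarked

def fetch_choices(store):
    """Every (i, j) a FETCH may pick: 0 <= j < i <= n, cell i unaccessed,
    cell j accessed and not yet marked."""
    return [(i, j)
            for i, cell in enumerate(store) if not cell[1]
            for j in range(i) if store[j][1] and not store[j][2]]

def fetch(store, i, j):
    """Resolve one FETCH: return cell i's symbol, set i.ACCESSED and j.MARKED."""
    cells = list(store)
    cells[i] = (cells[i][0], True, cells[i][2])
    cells[j] = (cells[j][0], cells[j][1], True)
    return cells[i][0], tuple(cells)

def all_accessed(store):
    return all(cell[1] for cell in store)

def queue_pattern(store):
    """True when no unaccessed cell sits between two accessed cells."""
    flags = [cell[1] for cell in store]
    return flags == sorted(flags, reverse=True)

def final_configs(machine, max_steps=20):
    """Explore all runs of a Q-machine (q0, F, delta_add, delta_fetch) and return
    (state, fetched symbols, store) for each run that reaches a state in F."""
    q0, finals, d_add, d_fetch = machine
    found, todo = [], [(q0, empty_store(), (), 0)]
    while todo:
        q, store, fetched, steps = todo.pop()
        if q in finals:
            found.append((q, fetched, store))
        elif steps < max_steps:
            if q in d_add:
                q2, sym = d_add[q]
                todo.append((q2, add(store, sym), fetched, steps + 1))
            else:
                for i, j in fetch_choices(store):
                    sym, store2 = fetch(store, i, j)
                    if (q, sym) in d_fetch:  # missing entry: this run blocks
                        todo.append((d_fetch[(q, sym)], store2,
                                     fetched + (sym,), steps + 1))
    return found

def halts(machine, max_steps=20):
    """A Q-machine halts iff some run ends in F with every cell accessed."""
    return any(all_accessed(store)
               for _, _, store in final_configs(machine, max_steps))

# Constructed machines over the alphabet {a, b}: both ADD a, ADD b, then FETCH.
ADDS = {"s0": ("s1", "a"), "s1": ("f0", "b")}
SKIPS_A = ("s0", {"H"}, ADDS, {("f0", "b"): "H", ("f0", "a"): "f1"})
IN_ORDER = ("s0", {"H"}, ADDS,
            {("f0", "b"): "H", ("f0", "a"): "f1", ("f1", "b"): "H"})
```

SKIPS_A reaches its final state only by fetching b ahead of a, which leaves a unaccessed, so it does not count as halting; IN_ORDER halts through the run that fetches a and then b.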

Representing Q-machines We now consider how to represent the run of an arbitrary
Q-machine at the type sequent $\vdash (\text{unit} \to \text{unit}) \to \text{unit} \to \text{unit}$. The relevant prearena
is shown in Figure 9. For technical convenience we will assume that the initial state of
the Q-store results from a dummy ADD action executed once at the very start of the
run.

Our representation of the Q-machine will begin with $q_0\ a_0$.

Each ADD operation (including the dummy operation initializing the store) will
then be interpreted by the segment $q_1\ q\ q_1\ a_1$.

Each FETCH will be represented by segments $q_2\ q\ q_2\ a_2\ a\ a_2$ where the first $q_2$ is
justified by the $a_1$ from the $i$th ADD, $q$ is justified by the $q_1$ immediately before that $a_1$
and the second $q_2$ is justified by the $a_1$ in the $j$th ADD. Here we are using the visibility
condition to force'' 1 r '' ’ ' '' * T ' T '’ ’ 1 than the choice of 

i. 



$q_0\ a_0 \cdots q_1\ q\ q_1\ a_1 \cdots q_1\ q\ q_1\ a_1 \cdots q_2\ q\ q_2\ a_2\ a\ a_2$

Once the Q-machine has reached a final state at the end of the computation, we
must check that the Q-store has the correct shape. This is performed in a finishing up
state where we visit each ADD-block from last to first and check each of them has been
accessed.

Fig. 9: Prearena for $\vdash (\text{unit} \to \text{unit}) \to \text{unit} \to \text{unit}$



$q_0\ a_0 \cdots q_1\ q\ q_1\ a_1 \cdots q_2\ a_2\ a\ a_1$


In order to construct a term which follows this strategy we first consider some terms 
which perform the various responses. Our final term will keep track of which state the 
simulation is in and imitate one of these terms accordingly. 

- $\lambda f.\ldots$ will respond to the initial $q_0$ with $a_0$.

- $\lambda f.f(); \lambda x.\Omega$ responds to $q_1$ with $q$. Once this is (eventually) answered with $a$ it
responds with $a_1$. This $a_1$ can never be used to justify anything or else P will not
respond.

- $\lambda f.\lambda x.f()$ responds to $q_1$ with $a_1$. If this $a_1$ is used to justify a $q_2$ then it responds
with $q$. If this is answered with $a$ then it responds with $a_2$.

- $\lambda f.\lambda x.()$ responds to $q_1$ with $a_1$ and to $q_2$ with $a_2$.

In order to keep track of which stage of the computation we are in, we will use a 
number of global variables. 

- State — keeping track of which state the simulated Q-machine is in. 

- First — a flag letting us know if the first dummy ADD-operation has occurred. 

- AddState — keeping track of how far through an ADD-operation we are. 

- FetchState — keeping track of how far through a FETCH-operation we are. 

- FinishingState — keeping track of how far through a finishing up operation we are. 

Additionally, we will create several local variables for each ADD. 

- Symbol, Accessed and Marked — representing the appropriate fields in the Q-store. 

- Finalised — a flag keeping track of whether this ADD-operation has been visited 
during the finishing up stage. This is needed to ensure that each ADD is visited 
exactly once during this phase. 



The term is shown in Figure 10. We use the syntax $[B_1, \ldots, B_n]$ as an abbreviation
for if $\bigwedge_i B_i$ then () else $\Omega$. The local variables are associated with the $q_1 \cdot a_1$ part of
each ADD-block. This ensures they can be accessed during a FETCH or the finishing
up stage when moves are hereditarily justified by them. Note that we cannot enforce
that during the finishing up stage, the $q_2$ is justified by the last unfinalised $a_1$. However,
we do ensure that each $a_1$ justifies at most one $q_2$ during this phase. Since we can rely
on the second part of the finishing up state ($a \cdot a_1$) to hide (by visibility) the $a_1$ from
the last (by bracketing) unfinalised ADD-block, we know that the only way to reach a
complete play is if O does indeed finalise the ADD-blocks in order from last to first.

To establish undecidability we note that the represented Q-machine will halt if and
only if the term is not observationally equivalent to $\lambda f.\Omega$. Hence, observational
equivalence is undecidable if the type contains a first-order (or higher) argument which is not
the final argument (i.e. any type of the form
$\theta_n \to \cdots \to \theta_4 \to (\theta_3 \to \theta_2) \to \theta_1 \to \theta_0$
for any RML types $\theta_i$ and $n \ge 3$).

C.2 Proof of Theorem HI 

We again rely on finite state systems equipped with a queue. However, rather than rely 
on Q-machines, this time we utilise a programming system called Queue. 

Definition 5. A Queue program has a single memory cell z that can store a symbol
from $\Sigma$ and a queue (which can contain symbols from $\Sigma$). A program consists of a
finite sequence of instructions of the form $1 : I_1, 2 : I_2, \ldots, m : I_m$, where each $I_i$ is
one of the following:

- enqueue a: add the symbol $a \in \Sigma$ to the end of the queue and go to the next
instruction.

- dequeue: if the queue is empty then halt, otherwise remove the element at the
front of the queue and store it in z then go to the next instruction.

- if z = a goto L where $a \in \Sigma$ and L > 0 is a label. If the value stored in z is
a then go to the Lth instruction, otherwise go to the next instruction.

- halt.

The halting problem for Queue programs is undecidable OH. 

We will simulate Queue programs using a recursive function of type
$(\text{unit} \to \text{unit}) \to \text{unit}$. We will model the queue using the call-stack. Every enqueue will cause
a recursive call which will allocate a variable cur containing the value to be enqueued.
When an item is removed from the queue we will set cur to 0 which we assume is a
special value not in $\Sigma$. This means that we know that the head of the queue corresponds
to the oldest recursive call whose cur does not contain 0.

In addition to the local variable cur we will also need global variables halt (a flag
letting us know we should stop the computation and collapse the call-stack), pc (which
instruction we are currently on), z (the Queue program's memory cell) and two variables
G and H. When we make our recursive call, the new value to be added to the queue
will be (temporarily) stored in G. Further, the argument to the call (a function of type
$\text{unit} \to \text{unit}$) will be such that if it is run when H = 0 then the value of cur from the
previous call will be written to G. If, on the other hand, the argument is run when H = 1
it will cause the value at the front of the queue to be written to G and the appropriate
cur to be set to 0 (i.e. that element is removed from the queue).

let
  State = ref $q_0$
  First = ref 1
  AddState = ref 0
  FetchState = ref 0
  FinishingState = ref 0
in
  $\lambda$ f .
    [!State $\in Q^{A}$];
    if !AddState = 0 then
      AddState := 1;
      f ();
      [!State $\in F$, !FinishingState = 1];
      FinishingState := 0;
      $\lambda$ x . $\Omega$
    else if !AddState = 1 then
      let
        Symbol = ref $\ddag$
        Accessed = ref (if !First then + else -)
        Marked = ref -
        Finalised = ref -
      in
        AddState := 0;
        if !First then
          First := 0; Symbol := $\dagger$;
        else
          (Symbol, State) := $\delta^{\mathit{ADD}}$ (!State);
        $\lambda$ x .
          if !State $\in Q^{F}$ then
            if !FetchState = 0 then
              [!Accessed = -];
              Accessed := +; FetchState := 1;
              f ();
              [!FetchState = 2];
              FetchState := 0;
              State := $\delta^{\mathit{FETCH}}$ (!State, !Symbol);
            else if !FetchState = 1 then
              [!Accessed = +, !Marked = -];
              FetchState := 2; Marked := +;
            else $\Omega$
          else if !State $\in F$ then
            [!FinishingState = 0, !Accessed = +, !Finalised = -];
            FinishingState := 1; Finalised := +;
          else $\Omega$
    else $\Omega$

Fig. 10: The term encoding a Q-machine

Our term encoding a queue program is then

let halt, pc, z, G, H = ref 0, ref 1, ref 0, ref 0, ref 0 in
$(\mu F^{(\text{unit} \to \text{unit}) \to \text{unit}}.\lambda arg^{\text{unit} \to \text{unit}}.body)(\lambda c^{\text{unit}}.\Omega)$

where body has the form

let cur = ref (!G) in while !halt = 0 do case(!pc)[$1 \mapsto J_1, \ldots, m \mapsto J_m$].

Each $J_i$ depends on $I_i$ according to Table 1. This term is equivalent to E 0 if
and only if the simulated Queue program halts. Hence, observational equivalence of
RML$_{\text{O-Str}}$ with recursive functions of type $(\text{unit} \to \text{unit}) \to \text{unit}$ is undecidable.

  $I_i$               $J_i$

  enqueue n           pc := i + 1;
                      G := n;
                      F($\lambda$x. if !H = 0 then L else R)
                      where
                        L = G := !cur
                        R = if (H := 0; arg(); !G = 0) then G := !cur; cur := 0
                            else H := 1; arg()

  dequeue             if !cur = 0 then halt := 1 else
                        if H := 0; arg(); !G = 0 then z := !cur; cur := 0 else
                        H := 1; arg();
                        pc := i + 1

  halt                halt := 1

  if z = n goto L     if !z = n then pc := L else pc := i + 1

Table 1: Simulations for each Queue program instruction
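
The call-stack encoding of Table 1 can be run against a direct interpreter for Definition 5. The block below is an added example, not code from the paper: one-element Python lists stand in for refs, symbols are non-zero integers, and the step budget and the trace of values loaded into z are this example's own. The assignment of G to z after the delegated call in dequeue is an assumption; the table as extracted does not show it, and the text says the fetched head is written to G.

```python
from collections import deque

def run_reference(prog, fuel=500):
    """Definition 5 executed directly; returns the symbols loaded into z, in order."""
    queue, z, pc, trace = deque(), 0, 1, []
    for _ in range(fuel):
        op = prog[pc - 1]
        if op[0] == "enqueue":
            queue.append(op[1]); pc += 1
        elif op[0] == "dequeue":
            if not queue:
                return trace                      # empty queue: halt
            z = queue.popleft(); trace.append(z); pc += 1
        elif op[0] == "if":                       # ("if", a, L): if z = a goto L
            pc = op[2] if z == op[1] else pc + 1
        else:
            return trace                          # halt
    raise RuntimeError("step budget exhausted")

def run_encoded(prog, fuel=500):
    """The call-stack encoding: one activation of F per enqueued symbol."""
    halt, pc, z, G, H = [0], [1], [0], [0], [0]  # one-element lists stand in for refs
    trace, steps = [], [0]

    def diverge():                                # \c. Omega; never called on a correct run
        raise AssertionError("bottom argument was invoked")

    def F(arg):
        cur = [G[0]]                              # let cur = ref (!G)

        def child_arg():                          # \x. if !H = 0 then L else R
            if H[0] == 0:
                G[0] = cur[0]                     # L: report this frame's cur
            else:
                H[0] = 0; arg()                   # R: ask the older frame for its cur
                if G[0] == 0:                     # every older cell is already dequeued,
                    G[0] = cur[0]; cur[0] = 0     # so this frame holds the queue head
                else:
                    H[0] = 1; arg()               # otherwise delegate towards the head

        while halt[0] == 0:
            steps[0] += 1
            if steps[0] > fuel:
                raise RuntimeError("step budget exhausted")
            i = pc[0]
            op = prog[i - 1]
            if op[0] == "enqueue":
                pc[0] = i + 1; G[0] = op[1]
                F(child_arg)                      # returns only once halt is set
            elif op[0] == "dequeue":
                if cur[0] == 0:
                    halt[0] = 1                   # newest cell is empty: queue is empty
                else:
                    H[0] = 0; arg()
                    if G[0] == 0:
                        z[0] = cur[0]; cur[0] = 0
                    else:
                        H[0] = 1; arg()
                        z[0] = G[0]               # assumption: copy the fetched head into z
                    trace.append(z[0]); pc[0] = i + 1
            elif op[0] == "if":
                pc[0] = op[2] if z[0] == op[1] else i + 1
            else:
                halt[0] = 1

    F(diverge)
    return trace

# Constructed sample programs; 0 is the reserved "removed" value, so symbols are non-zero.
HALTING = [("enqueue", 1), ("enqueue", 2), ("dequeue",), ("if", 1, 6), ("halt",),
           ("enqueue", 3), ("dequeue",), ("dequeue",), ("dequeue",)]
LOOPING = [("enqueue", 1), ("if", 0, 1)]
```

On HALTING both interpreters load 1, 2, 3 into z and stop at the final dequeue on the empty queue; on LOOPING the encoded run keeps nesting activations of F until the step budget is exhausted.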








